Linux  on  the  BrainShare  Novell  is  expected  to 

flesh  out  its  open  source  plans  at  annual  customer  confab.  PAGE  8. 


Court  case  SCO  continues  contentious  Linux  litigation, 
this  time  unleashing  its  lawyers  on  users.  PAGE  10. 
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crm  a 

Digging  for  digital  dirt. 


■  BY  DEBORAH  RADCLIFF 

igital  evidence  conies  in  all  shapes  and  sizes: 
pallets  full  of  computers,  a  hard  drive  with  an 
AK-47  bullet  hole  in  it,  audio  tapes  fished  out  of 
the  ocean,  mangled  floppies,  garbled  911  calls. 

Whenever  U.S.  government  agencies  investi¬ 
gating  a  crime  or  a  cybercrime  have  digital  evidence  that’s 
too  difficult  to  analyze,  they  send  it  to  the  Department  of 
Defense  computer  forensics  lab. 

The  evidence  can  arrive  in  a  military  vehicle,  via  FedEx 
or  through  the  U.S.  Postal  Service.  However  it 
gets  there,  it’s  accepted  at  the  loading 
dock  of  an  unmarked  commercial  build¬ 
ing  on  the  outskirts  of  Baltimore. 

It’s  then  logged  and  sent  to  an  evi¬ 
dence  custodian,  who  inventories, 
tags  and  stores  it  in  a  locked  cage. 

Network  World  was  invited  to  the 
Defense  Computer  Forensics  Lab 
(DCFL)  for  an  inside  look  at  how 
computer  investigators  at  the  cutting 
edge  are  using  digital  evidence  to 
help  solve  crimes. 

See  Computer  crime  lab,  page  37. 


Air  Force  Lt.  Col. 
Ken  Zatyko  says 
the  lab's  case¬ 
load  increased 
from  148  in  2000 
to  425  in  2003. 
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Microsoft  users  decry 
no  bang  for  big  bucks 


■  BY  JOHN  FONTANA 

A  host  of  Microsoft  users  say 
they  have  received  nothing  in 
return  for  the  tens  of  thousands  of 
dollars  spent  on  software  mainte¬ 
nance  contracts  set  to  expire  this 
summer. 

The  issue,  which  is  coming  to 
light  as  Microsoft  delays  various 
product  shipment  dates,  could 
explode  and  might  cost  Microsoft 
billions  of  dollars,  observers  say. 
Hundreds  of  thousands  of  cus¬ 
tomers  are  thinking  twice  about 
renewing  software  maintenance 
contracts  that  will  expire  by  July. 


With  the  renewals  so  critical  to 
Microsoft’s  balance  sheet  and  its 
battle  with  open  source  alterna¬ 
tives,  end  users  might  have  the 
best  negotiating  opportunity  they 
will  ever  see,  the  experts  say 
Scott  Matthews,  CTO  for  Digi- 
tech  Systems  in  Greenwood  Vill¬ 
age,  Colo.,  says  he  hopes  that 


is  true. 

In  June  2002  he  spent  $30,000 
on  a  software  maintenance  con¬ 
tract  for  SQL  Server  under  Micro¬ 
soft’s  new  annuity  licensing  pro¬ 
gram  called  Software  Assurance. 
The  program  was  introduced  two 
years  ago  to  reduce  Microsoft’s 
See  Microsoft,  page  53 


Bottom  line  alone 
isn’t  selling  VoIP 

Productivity  claims  draw  mixed  reactions. 

■  BY  PHIL  HOCHMUTH  AND  TIM  GREENE 

ORLANDO  — VoiceCon  2004  demonstrated  that 
more  businesses  are  seriously  considering  VoIRbut 
the  benefits  of  the  technology  remain  difficult  to 
justify  using  just  traditional  bottom-line  analysis. 

The  event  bucked  the  shrinking-show  phenome¬ 
non  that  has  plagued  the  IT  industry  by  drawing 
3,500  attendees  and  107  exhibitors  to  the  Walt 
Disney  World  Dolphin  Hotel,  up  from  last  year’s 
3,000  attendees  and  53  exhibitors. 

A  mix  of  IT  professionals  from  the  telecom  and 
datacom  worlds  heard  the  latest  about  VoIP  product 
and  service  developments.  But  customers  say  they 
still  find  it  difficult  to  make  the  case  that  the  tech¬ 
nology  will  save  money,  so  high-profile  vendors 
stepped  in  urging  an  alternative  rationale:  increased 
productivity 

In  a  keynote  address,  Avaya  CEO  Don  Peterson 
said  the  real  value  of  converged  networks  is  letting 

See  Voice,  page  52 


More  than  just 
a  modem  man 


■  BY  TIM  GREENE 


aybe  Brent 
Townshend 
8  ¥  I  would  have 
wound  up  in  court  no 
matter  what  he  invented. 

Since  creating  56K 
bit/sec  modem  technol¬ 
ogy  in  the  mid-1990s, 
the  California  engineer 
has  spent  a  lot  of  time 
suing  companies  that  don’t 
license  it  upfront  and  has  amassed  a  for¬ 
tune  in  the  process.  Although  he  had  been 
out  of  the  spotlight  in  recent  years, Towns¬ 
hend  reached  an  out-of-court  settlement  in 
December  with  Analog  Devices  over  alleged 
misuse  of  his  technology  and  has  a  court 

See  Modem,  page  13 
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Exclusive 

Dell  Gigabit  Ethernet  switch 
review  exclusives 

Head  online  to  get  the  detailed  background  on  how  our  testers  conducted 
this  week's  review  of  Dell's  PowerConnect  6024. 
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Audio  primer:  Basic  wireless  LAN  security 

In  this  primer,  we  look  at  some  of  the  technologies  and  techniques  used 
for  securing  a  small  office/home  office  wireless  LAN  network. 
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Messaging:  From  chaos  to  control 

Messaging  is  in  crisis.  Ever-escalating  e-mail  assaults  now  threaten  core 
competencies  of  even  the  most  sophisticated  corporations.  It's  time  for 
better,  more  aggressive  answers  that  again  make  messaging  a  corpo¬ 
rate-safe  application.  Industry  expert  and  Network  World  columnist  Mark 
Gibbs  will  present  the  latest  demos  and  new  tools. 
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IBM,  Sun  mulling  open  source  Java? 

Representatives  from  IBM  and  Sun  will  meet  soon  to  discuss  IBM’s 
proposal  to  create  an  open  source  version  of  Sun’s  Java  technol¬ 
ogy,  an  IBM  executive  said  last  week.  Sun  wants  to  hear  more 
details  about  IBM’s  proposal,  such  as  which  parts  of  Java  IBM 
would  like  to  see  made  open  source  and  how  such  a  plan  might 
be  carried  out.“We’ve  both  asked  each  other  to  think  about  things 
to  bring  to  the  table,  such  as  the  scope  of  what  we  have  in  mind 
and  how  we  might  do  this,”  said  Bob  Sutor,  IBM’s  director  of 
WebSphere  infrastructure. Sun  declined  to  comment  on  any  meet¬ 
ing,  and  it  remains  unclear  how  seriously  Sun  is  considering  IBM’s 
proposal.  IBM  applied  public  pressure  to  Sun  recently  when  Rod 
Smith,  vice  president  of  emerging  technologies  with  IBM’s  soft¬ 
ware  group,  penned  an  open  letter  to  Sun  encouraging  it  to  offer 
an  open  source  implementation  of  Java. 

Michael  Dell  gives  up  GEO  title 

Dell  founder  Michael  Dell  will  relinquish  his  CEO  title  to  current  President  and  COO 
Kevin  Rollins,  the  company  announced  last  week.  Dell  will  remain  chairman  of  the  com¬ 
pany’s  board  of  directors.  Rollins  was  appointed  CEO  during  a  meeting  of  Dell’s  board  of 
directors  Thursday  in  New  York.  The  move  will  be  effective  as  of  the  company’s  July  16 
shareholder  meeting.  Dell  still  will  be  “deeply  involved”  in  the  day-to-day  business  of  the 
company  he  founded  as  a  college  student  in  1984,  the  Round  Rock, Texas,  company  said. 
Rollins  and  Dell  essentially  have  shared  power  at  the  company  for  several  years  in  an 
unusual  arrangement  for  a  company  of  Dell’s  size. 

Site  Finder  foe  sides  with  ICANN 

Go  Daddy  Software,  which  last  year  filed  a  lawsuit  against  VeriSign  regarding  the  Site 
Finder  service,  upped  the  ante  in  its  opposition  last  week  by  pledging  $100,000  to  help  the 
Internet  Corporation  for  Assigned  Names  and  Numbers  defend  itself  over  its  right  to  reg¬ 
ulate  VeriSign’s  registry  services.  Go  Daddy’s  pledge  comes  in  response  to  a  suit  VeriSign 
filed  against  ICANN  that  accused  the  nonprofit  organization  of  overstepping  its  authority 
by  trying  to  regulate  Site  Finder  and  other  services  the  company  introduced.  Go  Daddy 
defended  ICANN’s  right  to  regulate  the  services  and  called  for  a  formal  review  ofVeriSign’s 
position  as  an  “exclusive  registry’  The  Scottsdale,  Ariz.,  company  said  it  has  sent  letters  to 
ICANN,  the  U.S.  Department  of  Commerce  and  various  U.S.  senators  calling  for  a  formal 
review  ofVeriSign’s  registry  position. VeriSign  representatives  were  not  immediately  avail¬ 
able  to  comment. 
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fime  for  an  e-mail  IQ  test? 

Brandon  Fuller  is  on  a  10,000-person  mailing  list  at  work.  And  last  week,  during  the 
utest  virus  onslaught  he  was  amused  to  see  just  how  many  messages  went  out 
warning  people  about  infected  attachments  —  and  follow-ups  advising  people  to  stop 
sending  out  warnings. 

Read  his  full  account  at  www.nwfusion.com,  DocFinder:  1045. 


Thi  GoodlheBad  IieUgly 

Showtime  in  Germany.  Who  says  trade  shows  are  dead?  Organizers 
of  the  annual  CeBit  expo  in  Hannover,  Germany,  say  they  expect  about  half  a  million 
people  to  attend  the  IT  event,  which  runs  March  18-24.  That  would  be  about  on  level 
with  last  year's  show. 

Money  to  burn.  The  'Net  was  abuzz  last  week  that  the  U.S.  government 
has  hidden  radio  frequency  ID  chips  in  $20  bills  to  track  your  spending  patterns. 
Need  proof?  Cooking  the  bills  in  a  microwave  oven  makes  them  explode.  But  those 
in  the  know  say  that  while  there  is  metal  in  certain  $20  bills,  there  are  no  RFID 
chips  in  them.y 


BRIAN  GAIDRY 


Outsourcing  is  for  ‘chumps.’  Rep.  Bernard  Sanders  (I  -  Vt.) 
explains  why  he  is  introducing  a  bill  to  bar  U.S.  companies  from  getting  federal  funds 
unless  they  do  a  better  job  of  protecting  U.S.  jobs:  “[It]  is  an  insult  to  the  middle 
class  of  this  country,  that  American  taxpayer  dollars  are  being  used  to  provide 
loans,  loan  guarantees,  grants,  tax  breaks  and  subsidies  to  huge  and  profitable 
corporations  who  then  say  to  the  American  people:  ‘Thanks  for  the  welfare,  chumps. 
But  we’re  closing  your  plant  and  taking  your  job  to  China.”' 

IDG:  Disk  storage  sales  up 

Growth  in  revenue  from  sales  of  disk  storage,  particularly  in  the  U.S.,  is  stronger  than  it 
has  been  for  two  years.  Worldwide  factory  revenue  for  external  disk  storage  systems 
grew  8.4%  year  on  year  to  $3.7  billion  in  the  fourth  quarter  of  2003,  IDC  said  last  week. 
The  overall  market  for  disk  storage  systems  grew  6.1%  year  on  year.  Favorable  exchange 
rates  were  a  leading  factor  in  growth  outside  the  U.S.,  but  the  U.S.  actually  saw  the 
strongest  growth,  at  7%. 

U.S.  urges  China  to  rethink  WLAN  plan 

The  Bush  administration  last  week  indicated  it  is  taking  steps  to  convince  China  to 
rethink  its  plan  to  impose  a  secret  wireless  encryption  standard  on  all  wireless  LANs 
used  in  China  as  of  June.  As  part  of  the  plan, China  also  intends  to  require  all  equipment 
manufacturers,  including  foreign  manufacturers,  to  license  the  Chinese  encryption  stan¬ 
dard  called  WAP1  from  a  list  of  about  a  dozen  Chinese  manufacturers  hand-picked  by 
the  Chinese  government.  The  U.S.  government’s  letter  is  said  to  have  been  signed  by 
Secretary  of  Commerce  Donald  Evans,  Secretary  of  State  Colin  Powell  and  the  White 
House  Trade  representative  Robert  Zoellick. 

Windows  XP  service  pack  carries  caveat 

When  Microsoft  releases  Service  Pack  2  for  Windows  XP  later  this  year,  some  software 
developers  might  find  their  applications  no  longer  work  on  updated  Windows 
machines.  Microsoft  has  made  something  of  a  trade-off  with  the  update,  focusing  on 
security  improvements  at  the  expense  of  backward-compatibility. 

The  firm  is  calling  on  developers  to  test  their  code  against  the  beta  version  of  SP2  or 
face  the  possibility  that  the  update  will  break  their  handiwork.  XP  SP2  is  more  than  the 
usual  roll-up  of  bug  fixes  and  updates.lt  is  also  being  used  to  make  significant  changes 
to  the  software  to  improve  security. These  changes  can  render  applications  inoperable, 
Microsoft  warns.  “It  may  surprise  some  of  the  developers  that  we  are  changing  some 
defaults,  and  that  may  affect  the  way  some  of  the  older  applications  run,”  says  Tony 
Goodhew,  a  product  manager  in  Microsoft’s  developer  group.  Microsoft  has  created 
an  online  training  course  that  details  the  implications  of  installing  SP2  on  XP  machines. 
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Betting  on  Linux 

Last  year  Novell  plunked 
down  more  than 

$250 

million 

for  Linux  acquisitions 
Ximian  and  SuSe. 


Linux  to  star  at 
Novell  conference 


■  BY  DENI  CONNOR 

Attendees  heading  to  Novell’s  annual  BrainShare  customer  confer¬ 
ence  later  this  month  should  anticipate  the  company  announcing  a 
variety  of  products  designed  to  flesh  out  its  Linux  strategy. 

Having  acquired  Linux  desktop  vendor  Ximian  and  the  industry’s  No. 
2  Linux  vendor,  SuSe,  over  the  past  year,  Novell  is  expected  to  tighten 
integration  between  those  companies’  products  and  its  own. 

“What  you  are  probably  going  to  see  is  [the  company]  bringing 
together  some  pieces  of  the  acquisitions  coupled  with  [Novell’s]  secu¬ 
rity,  identity  management  and  Extend  strategies,”  says  Earl  Perkins,  a 
vice  president  at  Meta  Group. “They  are  trying  to  put  together  a  vision 
that  brings  together  the  Linux  server  and  desktop  and  their  security 
and  identity  management  pla/ 

According  to  sources,  among  the  previews  Novell  is  expected  to 
make  at  BrainShare  are: 

•  The  integration  of  Novell’s 
ZENworks  management  suite  and 
Ximian’s  Red  Carpet  Enterprise. 

The  company  already  has  placed 
ZENworks  and  Red  Carpet  Enter¬ 
prise  under  the  Novell  Resource 
Management  umbrella  but  not  yet 
integrated  them  into  one  product. 

•  Details  of  a  future  unified  col¬ 
laboration  package  that  includes 
GroupWise,  iFolder,  Novell’s  stan- 
dards-based  NetMail  and  Messeng¬ 
er,  its  instant-messaging  package. 

•  An  upgrade  of  Nterprise  Linux 
Services  for  small  and  midsize 

businesses,  which  makes  it  easier  to  deploy  and  is  less  expensive. 
Nterprise  Linux  Services  consists  of  eDirectory  with  DirXML,  iFolder, 
iPrint,  NetMail,  Extend,  ZENworks  and  ZeroG.an  installation  service. 

•  Details  of  the  Novell  Collaboration  Solution  for  Linux,  a  collection 
of  Linux  products  that  includes  GroupWise  6.5  for  Linux,  the  Ximian 
Desktop  2, Ximian  Evolution  and  GAIM.an  instant-messaging  product. 
Ximian  Evolution  is  an  e-mail,  calendaring,  meeting  scheduling,  con¬ 
tact  management  and  task-list  package  for  Linux  and  Unix.  GroupWise 
6.5  is  presently  in  beta  test. 

•  Upgrades  across  its  Extend  and  identity  management  product 
lines. 

•  Two  new  Linux  certification  programs  and  a  project  to  make  an 
open  source  version  of  iFolder. 

•  Confirmation  that  HP’s  ProLiant  BL20p  blade  servers  will  support 
NetWare  6.5. 

Novell  declined  to  comment  on  its  BrainShare  announcements.The 
company  says  that  as  many  as  25%  of  an  expected  6,000-strong  audi¬ 
ence  will  be  first-time  attendees  drawn  by  an  interest  in  Linux. 

When  Novell  unveiled  its  Linux  plans  at  last  year’s  BrainShare,  users 
said  they  hoped  the  company  wouldn’t  domineer  other  open  source 
vendors. 

“Novell  really  has  to  embrace  the  Linux  community;  they  can’t  afford 
to  alienate  them,”  says  John  Enck,  vice  president  and  research  director 
at  Gartner.“lt’s  definitely  a  tricky  thing  for  them  to  pull  off  to  keep  their 
current  base  happy  but  still  open  their  arms  and  make  the  Linux  peo¬ 
ple  feel  welcome  and  loved.” 

Customer  reaction  to  Novell’s  Linux  push  has  generally  been  positive. 

“The  whole  Linux  foundation  is  such  a  great  direction  for  Novell, ’’says 
Gary  Hensley  director  of  IT  for  beverage  company  Odwalla  in  Half 
Moon  Bay  Calif.  Hensley  has  NetWare  and  Windows  servers.“lt  should 
put  them  in  a  great  position  to  compete.” 

“Moving  GroupWise  onto  Linux  is  a  good  move  strategically  for 
Novell,  says  Joe  Doupnik,  professor  of  electrical  and  computer  engi¬ 
neering  at  Utah  State  University  in  Logan.“The  more  support  we  have 
for  it,  the  better?  Doupnik  has  at  least  1 ,000  Linux  servers  installed  in 
his  environment  ■ 


Companies  take  cover  as 
worm  war  breaks  out 


■  BY  ELLEN  MESSMER 

An  Internet  gang  war  of  sorts 
broke  out  last  week  as  the  cre¬ 
ators  of  two  mass-mailer  com¬ 
puter  worms  battled  to  outdo 
each  other  by  releasing  a  dozen 
variants  of  the  worms,  called 
Bagle  and  Netsky,  in  rapid-fire 
fashion. 

The  conflict  had  corporations 
doing  what  they  could  to  stay 
out  of  the  crossfire. 

The  barrage  of  Bagle  and  Net- 
sky  variants  appeared  to  pit  rival 
virus  writers  in  Germany  and  the 
Czech  Republic  who  exchanged 
often-misspelled  taunts  with 
their  code,  such  as  “don’t  ruine 
our  busssiness”  and  “wanna  start 
a  war?” 

In  addition,  two  new  versions 
of  the  My  Doom  worm  appeared, 
and  a  wholly  new  one,  Hiton.A. 
This  unusually  wormy  week  had 
anti-virus  vendors  and  their  cus¬ 
tomers  stuck  in  rapid-response 
mode. 

“This  is  the  most  variants  we’ve 
seen  released  in  a  particular 
week,”  says  Alfred  Huger,  senior 
director  of  engineering  at  Sym¬ 
antec  Security  Response,  adding 
it  far  outstripped  anything  he 
could  recall.  “It’s  so  prolific,  it’s 
affecting  mail  servers,  making 
them  go  down.” 

Like  other  anti-virus  vendors,  Sy¬ 
mantec  went  into  overdrive,  sort¬ 
ing  out  which  variants  required  a 
signature  update  that  customers 
would  need  to  apply  as  quickly  as 
possible  to  desktops,  servers  and 
other  gateways. 

“Because  they’re  coming  out 
so  fast  and  furious,  the  need  to 
stay  updated  is  paramount,”  says 
Matt  Marchionne,  data  security 
specialist  at  Burlington  Coat  Fac¬ 
tory  in  Burlington,  N.J.  The  re¬ 
tailer  uses  Eset  Software’s  desk¬ 
top  anti-virus  software. 

Burlington  Coat  Factory  does¬ 
n’t  leave  it  up  to  its  employees  to 
decide  when  to  get  updates  from 
Eset  servers.  Instead,  each  user’s 
computer  automatically  checks 
the  Eset  update  server  at  regular 
intervals.  When  there’s  a  barrage 
of  worms,  as  there  was  last  week, 
the  company’s  IT  staff  re-sets  the 
automated  update  to  tighter 
intervals  —  from  a  day  to  an 
hour  or  even  less  —  even  though 
it  can  take  up  internal  network 
capacity. 

Increasingly, companies  appear 
unwilling  to  rely  on  anti-virus 


Chasing  worm 
variants 

The  proliferation  of 
worms  and  their  variants 
has  taxed  anti-virus 
efforts: 

•  Outbreaks  have  security 
professionals  in  “emer¬ 
gency  mode"  all  the  time. 

•  More  decisions  required 
as  to  whether  a  variant  is 
different  enough  to  war¬ 
rant  a  signature  update. 

•  Concerns  mount  over 
worms  concealed  in 
password-protect  ZIP 
files,  which  anti-virus 
software  can't  open. 

•  Organizations  spurred  to 
look  beyond  anti-virus 
software  to  stop  barrage. 

software  alone  to  protect  them¬ 
selves  against  worms. 

One  firm,  Tripos,  a  St.  Louis 
company  that  makes  products 
for  the  pharmaceutical  industry, 
battens  down  its  network  by  not 
granting  users  access  until  they 
have  passed  an  inspection  to 
assure  they  have  updated  anti¬ 
virus  software  on  their  ma¬ 
chines.  Tripos  does  this  using  a 
policy-management  appliance 
called  CyberGatekeeper  and  the 
desktop  CyberArmor  firewall 
from  InfoExpress. 

“We  set  policies  that  laptops 
have  to  have  updated  anti-virus,” 
says  Nathan  Burns,  network  secu¬ 
rity  administrator  at  Tripos.  Users 
within  the  network  or  remotely 
accessing  it  will  be  directed  to 
update  their  anti-virus  software 
—  Tripos  uses  Symantec  —  if 
their  computers  don’t  pass 
inspection. 

Making  matters  worse 

To  make  matters  worse  last 
week, a  number  of  the  Bagle  vari¬ 
ants  were  discovered  concealed 
inside  password-protected  ZIP 
files.  These  ZIP  files  aren’t  stop¬ 
ped  through  the  usual  anti-virus 
scanning  process. 

“The  simple  rule  is,  [anti-virus 
software]  can’t  look  inside  a 
password-protected  ZIP  file;  [it 
has]  to  look  at  it  in  order  to  rec¬ 
ognize  a  specific  fingerprint,” 
says  Jimmy  Kuo,  McAfee  re¬ 
search  fellow.  He  adds  that 
Windows  XR  which  includes  a 


way  to  let  users  double-click  to 
read  headers  on  ZIP  files,  unfor¬ 
tunately  makes  it  easier  for 
users  to  be  fooled  by  tricks  that 
virus  writers  come  up  with  to 
dupe  people  into  opening  ZIP 
attachments. 

Some  corporations  say  ban¬ 
ning  incoming  attachments  en¬ 
tirely  is  one  way  to  add  protec¬ 
tion  against  worms. 

“Netsky  is  one  of  the  big  ones 
right  now,”  says  Bob  Wood, senior 
network  analyst  at  Skokie,  Ill., 
map  publisher  Rand  McNally, 
about  last  week’s  mass-mailer 
worm  wave.  “But  we  just  don’t 
allow  attachments  that  would 
damage  our  computers.” 

Wood  says  the  company  adopt¬ 
ed  the  approach  after  getting 
slammed  a  few  years  ago  in  a 
mass-mailer  worm  outbreak. 

Another  firm,  Daniels  Trading,  a 
commodities  exchange  in  Chi¬ 
cago,  says  anti-virus  software  just 
isn’t  enough  when  worm  attacks 
are  coming  so  fast.  According  to 
COO  Glenn  Swanson,  the  com¬ 
pany  also  relies  on  Cisco’s 
behavior-blocking  software,  Cis¬ 
co  Security  Agent,  to  stop  worm 
activity  on  desktops. 

“The  software  stops  suspicious 
behavior  —  for  instance,  you 
can’t  grab  a  whole  e-mail  list  and 
send  it  out,”  Swanson  says.  While 
Cisco  Security  Agent  has  halted 
many  worms  in  their  tracks, 
Swanson  notes  that  virus  writers 
are  getting  more  crafty.  At  least 
one  Netsky  variant  grabs  a  lim¬ 
ited  number  of  e-mail  addresses 
at  a  time. 

The  worm  wars  are  making 
some  angry,  calling  for  tougher 
law  enforcement  response. 

“It’s  hard  to  imagine  a  more 
comical  situation:  A  handful  of 
virus  writers  are  playing  unpun¬ 
ished  with  the  Internet,  and  not 
one  member  of  the  Internet 
community  can  take  decisive 
action  to  stop  this  lawlessness,” 
says  Eugene  Kaspersky,  head  of 
anti-virus  research  at  Kaspersky 
Labs  in  Moscow. 

He  predicts  the  worm  wars 
will  continue  until  there’s  more 
effective  prosecution  of  virus 
writers.* 
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S80  takes  Linux  battle  to  users 


■  BY  JENNIFER  MEARS 

The  SCO  Group  has  stepped 
up  its  campaign  to  protect  its 
intellectual  property  rights  by 
making  good  on  a  promise  to 
take  aim  at  end  users,  but 
despite  the  flurry  of  legal  activity 
last  week  customers  and  indus¬ 
try  observers  remain  steadfast  in 
their  support  of  Linux. 

“We,  along  with  the  rest  of  the 
Linux  community,  have  been 
waiting  for  this,”  says  Joe  Poole, 
technical  director  at  Boscov’s 
Department  Stores  in  Reading, 
Pa.,  which  runs  SuSe  Linux.  “It 
really  has  become  a  non-issue 
because  nothing  has  been 
proven.” 

On  Wednesday  the  same  day 
SCO  announced  a  $2.2  million 
loss  on  revenue  of  $11.4  million, 
the  company  said  that  it  had  filed 
a  pair  of  lawsuits:  one  regarding 
copyright  violations  in  Linux 
against  AutoZone,  and  the  other 
claiming  breach  of  contract  in  a 
Unix  software  agreement  with 
DaimlerChrysler. 

The  first  lawsuit,  filed  in  U.S. 
District  Court  in  Nevada  against 
AutoZone  of  Memphis,  Tenn., 
centers  on  SCO’s  claim  that  Unix 
code  —  which  the  company 
says  it  owns  —  has  illegally  been 
ported  into  Linux.  In  the  suit, SCO 
says  AutoZone  is  “running  ver¬ 
sions  of  the  Linux  operating  sys¬ 
tem  that  contain  code,  structure, 
sequence  and/or  organization 
from  SCO’s  proprietary  Unix  Sys¬ 
tem  V  code  in  violation  of  SCO’s 
copyrights.” 
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■  THIS  WEEK’S  QUESTION: 

Don’t  confuse  him  with 
the  former  pro  basket¬ 
ball  star,  but  Michael 
Jordan  serves  as  chair¬ 
man  and  CEO  of  one  of 
the  top  Network  World 
200  companies. 

Which  one? 

Stumped?  Get  the  answer  online. 

Visit  Network  World  Fusion  and  enter 
2349  in  the  Search  box. 


The  second  lawsuit,  filed  in  the 
Oakland  County  Circuit  Court  in 
Michigan,  says  DaimlerChrysler 
failed  to  meet  the  terms  of  a  Unix 
software  agreement  it  holds  with 
SCO.  The  lawsuit  is  based  primar¬ 
ily  on  SCO’s  claims  the  Auburn 
Hills,  Mich., automaker“refused  to 
provide  the  certification  of  com¬ 
pliance  with  the  provisions’”  of 
the  software  agreement. 

A  DaimlerChrysler  spokeswo¬ 
man  said  the  company  has  not 
yet  been  served  with  the  lawsuit 
and  could  not  comment.  Auto¬ 
Zone  declined  to  comment. 

SCO’s  plan  of  attack  is  obvi¬ 
ous,  observers  say:  Put  pressure 
on  Big  Blue.  According  to  the 
IBM  Web  site,  DaimlerChrysler 
runs  IBM  pSeries  servers.  It  also 
runs  a  Linux  cluster  on  IBM 
workstations.  AutoZone  is  an 
IBM  customer  as  well. 

“This  is  all  part  of  SCO’s  contin¬ 
uing  strategy  to  put  pressure  on 
IBM,”  says  Jeffrey  Neuburger,  an 


intellectual  property  attorney  at 
Brown  Raysman  Millstein  Felder 
&  Steiner.  “One  effective  way  of 
putting  pressure  on  a  company  is 
by  suing  its  customers  in  an  intel¬ 
lectual  property  issue.” 

Meanwhile,  three  companies, 
including  Computer  Associates, 
last  week  confirmed  they  had 
each  purchased  an  Intellectual 
Property  License  for  Linux.  SCO 
first  made  the  licenses  available 
last  summer  for  $699  per  server  as 
a  way  of  letting  companies  run¬ 
ning  Linux  protect  themselves 
against  possible  litigation  (see 
graphic,  page  13). 

Computer  Associates,  a  staunch 
supporter  of  Linux  and  a  found¬ 
ing  member  of  the  Open  Source 
Development  Labs,  says  it  pur¬ 
chased  the  license  as  part  of  a 
$40  million  settlement  reached  in 
August  in  a  breach  of  contract 
dispute  with  technology  incuba¬ 
tor  Canopy  Group  and  one  of  its 
offshoots,  Center  7.  Canopy  Group 


is  a  major  investor  in  SCO. 

“CA  disagrees  with  SCO’s  tac¬ 
tics,  which  are  intended  to  intimi¬ 
date  and  threaten  customers,” 
says  Sam  Greenblatt,  senior  vice 
president  and  chief  architect  of 
the  Linux  Technology  Group  at 
CA.  “CAs  license  for  Linux  tech¬ 
nology  is  part  of  a  larger  settle¬ 
ment  with  Canopy  Group.  It  has 
nothing  to  do  with  SCO’s  strategy 
of  intimidation.” 

SCO  CEO  Dari  McBride  is  hop¬ 
ing  that  filing  end-user  lawsuits 
will  persuade  more  Linux  users 
to  purchase  SCO’s  intellectual 
property  licenses.  He  likened  his 
company’s  legal  efforts  to  those 
of  the  recording  industry  as  it 
sought  to  end  the  illegal  down¬ 
load  of  copyrighted  music. 

“We  anticipate  that  there  are 
many  end  users  that  have  not 
considered  the  ramifications  of 
the  unlicensed  use  of  SCO  copy¬ 
righted  technology  and  that  an 
increasing  number  of  companies 


will  now  take  the  appropriate 
action  to  license  SCO’s  intellectu¬ 
al  property’  he  said  during  a  con¬ 
ference  call  last  week. 

Analysts  and  attorneys  doubt 
that  will  be  the  case.  For  one 
thing,  they  say  in  the  music 
industry  case  it  was  clear  who 
owned  the  copyrighted  material. 
Things  aren’t  so  clear  with  SCO. 
SCO  is  in  litigation  with  Novell 
over  who  actually  owns  the 
copyrights  to  Unix.  The  initial 
Unix  intellectual  property  rights 
case,  which  was  filed  against  IBM 
a  year  ago,  is  progressing.  IBM  last 
week  was  ordered  to  show  SCO 
specific  Unix  code  that  might  be 
in  question.  SCO,  in  turn,  was 
ordered  to  point  out  exactly 
See  SCO,  page  13 


Customers:  Ebbers  charges  send  a  message 

■  BY  DENISE  PAPPALARDO 


News  that  former  WorldCom  CEO  Bernie  Ebbers 
faces  criminal  charges  for  his  role  in  the  country’s 
worst  accounting  scandal  is  being  cheered  by  cus¬ 
tomers  and  industry  experts  who  see  accountability 
as  key  to  discouraging  future  shenanigans. 

Ebbers  was  charged  last  week  with  three  federal 
counts  stemming  from  the  company’s  more  than 
$9  billion  accounting  scandal  that  came  to  light  in 
July  2002.  Soon  thereafter,  the  company,  now 
called  MCI,  filed  for  the  largest  bankruptcy  in 
U.S.  history. 

“Capitalism  is  founded  on  an  institution  of  trust 
that’s  been  shaken,”  says  Johna  Till  Johnson,  presi¬ 
dent  at  consulting  firm  Nemertes  Research  and  a 
Network  World  columnist.  “Bernie  doing  the  perp 
walk  brings  a  little  more  confidence  back  to  the 
system.” 

Until  last  week,  it  wasn’t  clear  whether  Ebbers  was 
going  to  be  charged.  But  the  carrier’s  former  CFO 
Scott  Sullivan  accepted  a  plea  arrangement  earlier 
in  the  week  that  seemed  to  have  sealed  Ebbers’  fate. 

“We  champion  any  effort  by  the  [Department  of 
Justice]  or  whomever,  to  set  an  example  of  these 
wrongdoings,”  says  Dayne  Sampson,  vice  president 
of  IT  for  Ask  Jeeves  and  also  an  MCI  customer.  “We 
are  happy  to  see  it.” 

Although  he  thinks  bringing  Ebbers  to  justice  is 
the  right  thing  to  do,  he  also  thinks  MCI,  which  is  expected  to  emerge 
from  bankruptcy  in  April, could  suffer  a  backlash. 

“MCI  is  doing  its  best  to  drag  itself  out  of  the  mud,  and  this  is  proba¬ 
bly  going  to  drag  them  back,”  Sampson  says. “The re  are  a  lot  of  decent 
people  who  work  there.” 

The  company  has  tried  to  distance  itself  from  the  scandal  that 
brought  it  into  bankruptcy 

Others  are  hopeful  that  some  good  will  come  from  the  fact  that  spe¬ 
cific  executives  are  being  held  accountable. 


AO  PHOTO  /  MASAHIKO  YAMAMOTO 


Former  WorldCom  CEO  Bernie  Ebbers,  center,  is  escorted  by  federal  agents  after  turning  him¬ 
self  in  last  week  on  charges  of  conspiracy  to  commit  securities  fraud  and  making  false  state¬ 
ments  to  the  Securities  and  Exchange  Commission. 


“The  indictment  of  Bernie  Ebbers  and  recent  legislation  like 
Sarbanes-Oxley  Act  should  discourage  other  telecom  executives 
from  fraudulent  accounting  practices,”  says  Bill  Strickland,  network 
services  national  manager  at  Toyota  Motor  Sales  USA  and  an  MCI  IP 
VPN  customer. 

“Over  time  [charging  Ebbers]  should  result  in  investor  confidence 
returning  to  the  telecom  sector.  A  conviction  could  expedite  the  recov¬ 
ery  of  MCI  and  help  bring  closure  to  the  loss  experienced  by  stock¬ 
holders  and  employees  of  MCI,”  he  says.B 
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IBM  targets  vertical  markets,  SMBs 

Big  Blue  uses  PartnerWorld  event  to  showcase  integration  tools. 


■  BY  ANN  BEDNARZ 

LAS  VEGAS  —  Users  can  expect 
to  see  more  products  from  IBM 
flavored  with  industry-specific 
capabilities  and  aimed  at  midsize 
companies. At  least  that’s  the  mes¬ 
sage  from  IBM’s  most  senior  exec¬ 
utives,  who  turned  out  last  week 
to  woo  some  of  Big  Blue’s  90,000 
business  partners  —  a  lucrative 
sect  responsible  for  $29  billion  of 
IBM’s  $89  billion  2003  revenue. 

CEO  Sam  Palmisano,  a  rarity  on 
the  keynote  circuit,  kicked  off 
IBM’s  PartnerWorld  conference, 
stressing  that  IBM  and  its  partners 
need  to  deliver  what  customers 
want:  integrated,  standards-based 
systems  as  opposed  to  the  propri¬ 


etary  piecemeal  technologies  of 
the  past.“The  client  is  insisting  on 
simple,  standardized  approaches. 
They  no  longer  want  to  be  the 
self-integrator;”  he  said. 

A  number  of  IBM’s  new  initia¬ 
tives  are  aimed  at  freeing  cus¬ 
tomers’  IT  resources,  which  today 
are  consumed  by  mundane  sys¬ 
tems  —  and  application  integra¬ 
tion  work.  If  the  integration  bur¬ 
den  is  removed,  customers  can 
focus  more  on  strategic  develop¬ 
ment  projects  to  drive  their  own 
revenue  growth, which  will  spur  IT 
spending,  Palmisano  said. 

To  that  end,  IBM  announced 
two  tools  designed  to  make  it  eas¬ 
ier  for  users  to  identify  and 
respond  to  business  events.  The 


first  is  Common  Event  Infrastruc¬ 
ture  (CEI),  software  designed  to 
integrate  events  from  routers, 
servers,  applications  and  databas¬ 
es  into  one  console.The  goal  is  to 
help  IT  managers  identify  and 
track  the  correlation  between  a 
business  activity  such  as  a  slug¬ 
gish  payment  validation  process, 
and  a  systems  bottleneck  such  as 
an  unresponsive  server. 

The  second  is  the  Orchestration 
and  Provisioning  Automation 
Library  (OPAL),  a  collection  of 
automated  workflows  for  in¬ 
stalling,  configuring  and  deploy¬ 
ing  key  system  and  business 
processes.  With  the  help  of  part¬ 
ners,  IBM  plans  to  populate  OPAL 
with  scripted  workflows  for  stor¬ 


Wireless  LAN  industry  starts 
raising  antennas  over  MIM0 


Making  a  difference 

MIMO  supporters  say  the  smart  antenna  technology 
(such  as  Airgo’s  card  shown  here)  could  have  a  dramatic 
effect  on  enterprise 
wireless  LANs,  such 
as  by: 

•  Reducing  the 
number  ofWLAN 
access  points  needed  per  site. 

•  Lowering  installation  and  cabling  costs. 

•  Increasing  network  reliability. 

•  Supporting  more  demanding  applications. 


■  BY  JOHN  COX 

Wireless  LANs  soon  will  start 
doubling  or  more  in  throughput 
and  range  if  a  smart  antenna  tech¬ 
nology  dubbed  MIMO  pans  out  as 
its  backers  anticipate. 

Multiple-input-multiple-output, 
or  MIMO  (pronounced  “my-moh” 
or“mee-moh”),  has  made  its  way 
into  chipsets  and  could  be  in 
WLAN  devices  by  year-end. 

“Everybody  is  working  on  this,” 
says  Craig  Mathias,  principal  with 
wireless  consultancy  Farpoint 
Group.  “It’s  the  most  important 
radio  technology  for  the  next  few 
years.” 

MIMO  algorithms  in  a  radio  chipset  send  informa¬ 
tion  out  over  two  or  more  antennas.  The  radio  sig¬ 
nals  reflect  off  objects, creating  multiple  paths  that  in 
conventional  radios  cause  interference  and  fading. 
But  MIMO  uses  these  paths  to  carry  more  informa¬ 
tion,  which  is  recombined  on  the  receiving  side  by 
the  MIMO  algorithms. 

Many  WLAN  vendors  expect  that  some  form  of 
MIMO  will  be  the  basis  of  work  just  starting  in  the 
IEEE  802.1  In  Task  Group,  which  is  creating  a  speci¬ 
fication  for  WLANs  having  at  least  100M  bit/sec 
throughput.  The  3rd  Generation  Partnership  Pro¬ 
ject,  a  collaboration  of  telecom  standards  groups, 
also  is  evaluating  MIMO  techniques  for  use  in  cel¬ 
lular  networks. 

Part  of  the  enthusiasm  for  MIMO  is  based  on  the 
conviction  that  it  can  dramatically  boost  perfor¬ 
mance  and  range,  and  still  handle  existing 
802.1  la/b/g  radios, with  only  a  slight  initial  increase 
in  price  over  those  products. 

The  Holy  Grail  in  radio  technology  is  increased 
spectral  efficiency,  or  how  many  bits  per  second  per 


hertz  pass  through  the  air,  Mathias  says.  MIMO  dou¬ 
bles  the  spectral  efficiency  compared  with  that  of 
current  WLANs.The  maximum  data  rate  for  802.1  lg 
and  802.11a  networks  is  54M  bit/sec,  though  actual 
throughput  is  closer  to  20M  to  30M  bit/sec.  Current 
MIMO  techniques  can  boost  raw  WLAN  throughput 
to  108M  bit/sec, supporters  say. 

So  far,  the  only  company  with  MIMO  chipsets  is 
Airgo  Networks.  Former  Stanford  University 
researchers  Greg  Raleigh  and  VK.  Jones,  who  ham¬ 
mered  out  some  mathematical  proofs  for  MIMO 
and  multipath,  founded  this  Palo  Alto  radio  chip 
designer. 

One  leading  WLAN  vendor  has  tested  Airgo  prod¬ 
ucts  for  six  months  and  has  decided  to  use  MIMO  in 
products  due  out  by  year-end.“Our  engineers  found 
a  200%  to  400%  increase  compared  to  the  perfor¬ 
mance  of  other  [802.1 1]  products,” says  a  vice  pres¬ 
ident  with  this  vendor  who  requested  anonymity. 
“They  found  a  150%  to  300%  increase  in  range.” 

Right  now,  MIMO's  range  increase  is  the  decisive 
feature  for  the  vendor,  so  a  WLAN  access  point  can 

See  MIMO,  page  53 


((Seldom  does  anybody  vote  for 
a  new  idea.  You  have  to  push  it 
out  there.  1 1 


Robert  Redford 

President  of  Sundance  Institute,  speaking  on  the 
subject  of  innovation  at  IBM  PartnerWorld. 


age, servers, applications  and  mid¬ 
dleware,  and  processes  tailored 
to  industries  such  as  banking, 
retail  and  healthcare. 

Initiatives  such  as  CEI  and  OPAL 
illustrate  IBM’s  commitment  to 
partnering, says  Paul  Mason,  group 
vice  president  for  infrastructure 
software  research  at  IDC. 

“These  initiatives  show  that 
even  a  company  with  the  breadth 
of  resources  IBM  has  can’t  do 
everything  on  its  own,”  he  says. 
“IBM  doesn’t  have  the  domain 
expertise  in  vertical  industries  or 
the  close  contact  with  customers 
that  some  partners  have.” 

Prolific  partners 

IBM’s  network  of  independent 
software  vendors  (ISV),  distribu¬ 
tors  and  resellers  handle  a  signifi¬ 
cant  percentage  of  Big  Blue’s  cus¬ 
tomers,  many  of  which  are  too 
small  for  IBM  to  reach  cost-effec¬ 
tively  through  direct  sales.  Last 
year,  partners  drove  61%  of  IBM’s 
server  revenue,  58%  of  storage  rev¬ 
enue,  50%  of  small  and  midsize 
business  (SMB)  revenue  and  23% 
of  software  revenue.  Together, 
partner-generated  revenue  is 
growing  fast,  up  16%  to  $29  billion 
in  2003,  according  to  Mike 
Borman,  general  manager  of 
global  business  partners  at  IBM. 

Looking  ahead,  IBM  wants  to 
focus  its  partner  resources  in  two 
key  areas:  creating  industry- 
focused  offerings  and  capturing 
SMB  market  share. 

Industry  expertise  is  an  ongoing 
push  of  IBM.  Last  year,  IBM  reorga¬ 
nized  its  sales  teams  around 
industries  and  started  issuing 
dozens  of  vertically  focused  mid¬ 
dleware  products.  It  now  offers  62 
industry-branded  integration  pro¬ 
ducts,  according  to  Steve  Mills, 
senior  vice  president  in  charge  of 
IBM’s  software  group. 

At  PartnerWorld,  IBM  an¬ 
nounced  it  is  extending  this  verti¬ 
cal  orientation  to  its  ISV  partners. 

Meanwhile,  SMBs  represent  a 


$300  billion  opportunity  accord¬ 
ing  to  Marc  Lautenbach,  general 
manager  of  SMB  for  IBM.  There 
are  500,000  businesses  with 
between  100  and  999  employees 
that  will  spend  $173  billion  on  IT, 
and  millions  of  businesses  with 
fewer  than  100  employees  that 
will  spend  $126  billion  on  IT, 
Lautenbach  said. 

IBM  says  it  hopes  to  lure  some 
of  those  dollars  with  its  growing 
SMB  portfolio.  New  to  the  mix  is 
Integrated  Runtime,  a  stack  of  pre¬ 
configured  IBM  middleware  — 
including  WebSphere  Application 
Server  Express  and  DB2  Universal 
Database  Express  —  aimed  at 
simplifying  deployment. 

On  the  research  front,  IBM  is 
working  on  SMB-oriented  pro¬ 
jects  such  as  wizards  to  make  it 
easier  for  systems  integrators  to 
link  IBM  technology  Lautenbach 
said.  OptimalGrid,  which  auto¬ 
mates  certain  grid  computing 
setup  tasks  such  as  enlisting  com¬ 
puting  nodes  and  delivering 
code,  also  is  aimed  at  SMB  users. 

Actor,  director  and  entrepreneur 
Robert  Redford,  a  keynote  speak¬ 
er  at  PartnerWorld,  applauded 
IBM  and  its  partners’  support  for 
SMBs,  which  he  described  as  a 
threatened  species  in  today’s 
world  of  corporate  mergers  and 
acquisitions. 

Consolidating  markets  take 
away  options  and  diversity  Red¬ 
ford,  president  of  the  Sundance 
Institute,  said.  If  instead  of  com¬ 
bining,  companies  could  stay 
independent  and  branch  out 
through  partnerships, “then  I  think 
you’re  keeping  alive  the  ability  to 
be  flexible,”  he  said. 

He  encouraged  attendees  to 
think  creatively  take  risks  and 
champion  new  ideas.  “Seldom 
does  anybody  vote  for  a  new 
idea.  You  have  to  push  it  out 
there,”  Redford  said. 

Senior  Writer  Denise  Dubie  con¬ 
tributed  to  this  report. 
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Modem 

continued  from  page  1 

date  in  July  with  Cisco,  Intel 
and  others. 

But  the  little-known  story  be¬ 
hind  his  fast  modem  invention  is 
that  he  came  up  with  the  idea  in 
1993  while  building  an  appli¬ 
ance  for  downloading  music 
from  servers  over  direct-dial 
phone  connections.  His  Music 
Fax  system  looked  to  be  a  pre¬ 
cursor  of  file-sharing  systems  — 
and  lawsuit  magnets  —  such  as 
Napster  and  Kazaa. 

Working  on  Music  Fax.Towns- 


sco 

continued  from  page  10 


hend  recognized  that  modem 
speeds  were  too  slow  for  real¬ 
time  playing  of  songs.  Early 
MPEG  could  transmit  good 
sound  at  50K  to  60K  bit/sec,  but 
the  fastest  modems  topped  out 
at  33.6K  bit/sec. 

Townshend  noticed  that  down¬ 
loads  from  servers  connected  to 
the  phone  network  via  digital 
links, such  as  T-ls,  could  reach 
56K  bit/sec  because  they  didn’t 
have  to  undergo  speed-sapping 
analog-to-digital  conversions.  Up¬ 
loads  required  these  conver¬ 
sions,  limiting  speeds  to  33.6K 
bit/sec.  He  patented  technology 


essential  to  making  fast-down, 
slow-up  modems. 

“I  said, ‘This  is  an  easy  thing 
to  do.  I  can  just  license  this  to 
people  that  are  in  the  modem 
business.  I  don’t  have  to  start 
competing  with  them  or  set  up 
my  own  distribution ’’’Towns¬ 
hend  says. 

His  patent  claim  came  as  a  hor¬ 
rible  surprise  to  International 
Telecommunication  Union  mem¬ 
bers  working  on  a  56K  bit/sec 
modem  standard  in  1996.  At  a 
meeting,  word  came  out  that 
Townshend  not  only  filed  for  a 
patent  but  had  already  licensed 
his  ideas  to  modem  maker  U.S. 
Robotics. 

“Everyone  was  a  little  upset 
that  this  pops  out  at  what  felt 
like  a  late  time  in  the  process 
and  hadn’t  come  up  to  the  sur¬ 
face  before,”  says  Ken  Krech- 
mer,  a  member  of  that  ITU  com- 
mittee.“It  really  created  an 
enormous  mess.” 

When  Townshend  showed  up 
at  the  next  ITU  meeting,  every¬ 
one  took  note.“I  wanted  to  get  a 
sense  of  the  guy  and  what  he 
thought  he  was  doing,”  Krechmer 
says.“I  got  the  impression  of  a 
good, solid  technical  guy  a  good 
applied  mathematician  who  saw 
that  there  was  a  really  interesting 
way  to  solve  a  specific  problem 
and  decided  to  patent  it.” 

The  44-year-old  Townshend, 
who  has  licensed  his  technology 
for  millions  of  devices,  presented 
reasonable  terms  and  the  ITU 
work  went  ahead.  (Licensing  fees 
have  dropped  from  as  much  as 
$2.50  per  modem  to  as  little  as 
22  cents  per  modem  between 
1999  and  today.) 

He  wouldn’t  detail  how  much 
he  has  reaped  in  modem 
license  fees  over  the  years.  But 
with  analysts  estimating  that 
roughly  100  million  56K  mo¬ 
dems  were  sold  in  each  of  the 
past  two  years,  figure  he’s  getting 
at  least  $22  million  a  year  in 
license  fees  based  on  a  22-cent 
fee  per  soft  modem. 

Born  to  invent 

The  path  that  led  him  to  that 
day  started  back  in  high  school 
in  his  hometown  of  Toronto.  He 
developed  a  cottage  industry  — 
building  signal-processing  boxes 
for  University  of  Toronto  re¬ 
searchers  so  their  lab  computers 
could  talk  to  their  electronic 
measurement  gear. 

“These  people  must  have  been 
amazed  at  the  deal  they  were 
getting  because  they’d  come  and 
get  me  to  build  the  thing  and  I’d 
spend  a  month  and  charge  them 
$400, "Townshend  says. 


He  went  on  to  earn  a  Ph.D.  in 
electrical  engineering  from 
Stanford  University  in  1987.  His 
thesis  adviser,  Robert  White, says 
Townshend’s  contribution  to  a 
prosthesis  project  enabled  the 
research  group  to  focus  electri¬ 
cal  impulses  on  human  audito¬ 
ry  nerves  without  having  the 
electrodes  come  in  contact  with 
the  nerves  themselves. 

“He  made  a  very  clever  real¬ 
ization  that  an  existing  principle 
would  apply  to  our  case,”White 
says.“It  was  one  of  those  ‘why 
didn’t  I  think  of  that’  kind  of 
ideas.” 

Also  in  1987  Townshend 
joined  Bell  Labs,  where  he 
worked  until  1990  studying 
speech  recognition  and  low-bit- 
rate  speech  encoding  to  make 
the  most  of  cell-phone  band¬ 
width. Then  he  moved  to 
Montreal  to  start  Townshend 
Computer  Tools,  which  devel¬ 
oped  Dat  Link,  a  signal  proces¬ 
sor  for  making  high-quality 
audio  recordings  that  it  sold 
through  several  companies, 
including  Entropic  Research. 

He  also  developed  a  system 
called  Griffe  for  certifying  the 
authenticity  of  faxes.  But  Music 
Fax  and  the  56K  bit/sec  modem 
came  along,  derailing  Griffe. 

In  1993  in  the  midst  of  the 
Music  Fax  work  he  moved 
Townshend  Computer  Tools  to 
Menlo  Park,  Calif.,  where  he 
shared  space  with  the  West  Coast 
office  of  Entropic,  which  was  run 
by  Jared  Bernstein. 

When  Bernstein  incorporated 
Ordinate,  a  speech-assessment 
software  company  in  1997,  he 
lured  Townshend  to  serve  as 
CEO.  Ordinate’s  PhonePass  prod¬ 
uct  is  used  to  evaluate  how  well 
non-native  English  speakers  have 
learned  to  speak  the  language. 

Bernstein  says  his  colleague 
has  changed  very  little  since 
they  met.  He  dresses  a  little  bet¬ 
ter.  Soon  after  Townshend  start¬ 
ed  licensing  modems,  he 
bought  a  new  home,  but  not  an 
ostentatious  one.  Bernstein  says 
a  film  crew  that  shot  a  docu¬ 
mentary  on  Canadians  who 
made  it  big  in  Silicon  Valley 
didn’t  film  Townshend’s  house 
because  it  didn’t  fit  with  the 
image  of  success  they  were 
portraying. 

His  former  adviser,  White,  says 
Townshend  remains  modest. 
Townshend  attended  a  reunion 
of  graduate  students  but  never 
let  on  the  level  of  success  he 
achieved  with  the  modems.* 
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which  code  in  Linux  might  have  come  from  Unix. 

“There’s  nothing  in  copyright  law  that  requires  me  to  pay  for  a 
license  just  because  someone  says  he  has  a  copyright  while  at  the 
very  same  moment  he’s  suing  somebody  else  who  says  he  doesn’t,” 
says  Eben  Moglen,  professor  of  law  at  Columbia  University  and  gen¬ 
eral  counsel  of  the  Free  Software  Foundation.  “So  I  have  to  say 
despite  all  this  rumbling  from  SCO  . . .  things  are  pretty  much  where 
they  were  before.  SCO  against  Novell  means  nobody  actually  is  sure 
that  SCO  owns  anything." 

Meanwhile,  SCO’s  legal  fees  are  mounting:  it  reported  costs  of  $3.4 
million  in  the  first  quarter  alone  associated  with  protecting  its  intel¬ 
lectual  property.  At  the  same  time,  it  reported  collecting  just  $20,000 
in  revenue  from  licensing  efforts  during  the  quarter. 

“They’re  just  widening  the  number  of  people  they  are  engaged  in 
litigation  with,  and  it  does  not  prove  their  points,”  says  Dan 
Kusnetzky,  vice  president  of  system  software  at  lDC.“What  it  does  is 
take  their  limited  amount  of  revenue  and  direct  it  toward  litigation 
rather  than  creating  and  maintaining  products. ...  If  you  look  at  the 
escalating  costs  and  decreasing  revenue,  there  has  to  be  a  point 
where  the  revenue  does  not  support  the  escalating  costs  of  litigation, 
and  when  that  day  comes  they  will  no  longer  be  able  to  continue 
either  litigating  or  being  in  business.”  ■ 


Paying  up 


The  SCO  Group,  which  claims  it  owns  intellectual 
property  that  was  illegally  ported  into  Linux,  is  asking 
users  to  pay  up  or  face  litigation.  SCO  says  its  efforts 
resulted  in  revenue  of  $20,000  in  the  most  recent 
quarter.  A  look  at  companies  that  are  responding  to 
SCO’s  demands: 


Computer  Associates  says  that  it  purchased  an  Intellectual 
Property  License  for  Linux  from  SCO  as  part  of  a  $40  million 
settlement  in  August  in  a  breach  of  contract  dispute  with 
Canopy  Group,  a  major  SCO  investor. 

Energy  firm  Questar  says  it  recently  bought  an  IP  license  from 
SCO  to  cover  seven  servers  running  Linux  in  a  network  of 
more  than  100  boxes. 

Manufacturer  Leggett  &  Platt  says  it,  too,  purchased  an  IP 
license  for  "a  small  number  of  remote  locations  running  Linux." 

Hosting  company  EVlServers.net,  which  manages  more  than 
20,000  servers,  also  bought  an  IP  license,  reportedly  worth 
more  than  $1  million  so  that  its  current  and  future  customers 
“can  enjoy  peace  of  mind." 

In  May,  Sun  and  Microsoft  purchased  Unix  license  agreements 
and  paid  SCO  nearly  $26  million  last  year,  representing  nearly 
one-third  of  SCO’s  revenue  for  2003. 


BY  NOON,  THE  IT  DEPARTMENT  WILL  BE 
ALERTED  TO  750  DIFFERENT  PROBLEMS. 


ONE  OF  THEM  WILL  LOSE 
ONLINE  RESERVATIONS  A 


CAN  YOUR  SOFTWARE  TELL  YOU 

Business  Service  Management  solutions  from 
BMC  Software'  can.  They  automatically  prioritize 
IT  management  issues  according  to  business 
importance  and  alert  you  before  potential  problems 
can  impact  performance.  They  also  let  you  prioritize 
IT  investments  and  resource  allocations  to  optimize 
your  business  results.  So  you  can  solidly  align  your 
IT  investments  with  strategic  business  goals.  And 


WHICH  ONE? 

protect  the  delivery  of  vital  business  services  like 
online  transactions,  sales,  customer  service,  logistics 
and  distribution — whatever  is  most  critical  to  your 
company's  success.  It's  enterprise  management 
software  that  works  with  your  existing  IT  resources 
to  let  you  manage  what  matters  from  a  business 
perspective  and  execute  with  precision.  Find  out 
how  at  www.bmc.com/bsm34 
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Moving  Linux  to  the  desktop 


.  N 

Going  mainstream 

Linux  has  hit  the  big  time  when  it  comes  to  server  operating  systems, 
but  what  about  the  desktop?  Some  issues  to  think  about  when 
considering  using  Linux  as  a  client  operating  system: 

Pros: 

Cons: 

•  The  money.The  open  source 
option  frees  you  from  costly 
licensing  fees. 

•  Flexibility.  With  Linux,  IT  can 
pick  and  choose  what  users  can 
access. 

•  Business  control.  Not 

ready  to  update  or  add 
patches?  Linux  doesn't  force  a 
schedule. 

•  Adaptability.  Especially 
when  considering  thin-client 
deployments,  Linux  fits  in  nicely 
with  heterogeneous  systems. 

V 

•  User  reluctance.  Employees  used  to  their 
Microsoft  desktop  may  not  easily  switch. 

•  Application  limitations.  Many  enterprise 
applications  have  not  yet  been  ported  for  Linux 
desktops. 

•  Peripheral  incompatibility.  Network  cards, 
sound  cards  and  other  peripherals  that  worked 
fine  with  Windows  might  not  be  supported  by  Linux 
or  might  need  drivers  that  aren't  easily  located. 

•  Techie  reputation.  Linux  faces  the  same 
challenges  on  the  desktop  as  it  initially  faced  on  the 
server:  It's  considered  too  techie.  But  companies 
such  as  Sun  and  Ximian  are  working  to  provide  more 
user-friendly  front  ends. 

J 

IBM  survey:  Training,  tech 
needed  to  grow  revenue 


■  The  IEEE  last  week  approved  a 
standard  for  10G  Ethernet  over  cop¬ 
per,  opening  the  way  for  short-reach, 
high-speed  data  center  links  that  are 
more  affordable  to  corporations.  The 
802.3ak  standard  will  be  imple 
mented  as  10Gbase-CX4,  providing 
10G  bit/sec  over  dual  twin-axial 
cables,  similar  to  the  cabling  used  in 
InfiniBand  environments.  Experts  say 
10Gbase-CX4  ports  will  be  more 
affordable  to  companies  than  current 
fiber-based  10G  ports,  which  average 
$10,000  per  port,  according  to  the 
Dell’Oro  Group.  The  10G  Ethernet 
originally  was  designed  as  a  long-haul 
carrier  technology,  specifically  for 
replacing  SONET  OC192  in  metropol¬ 
itan-area  networks  with  Ethernet. 
However,  as  companies  began  show¬ 
ing  interest  in  10G  and  carriers  cut 
back  spending  during  the  telecom 
bust,  interest  began  to  grow  in  a 
short-haul  version  of  10G  for  switch- 
to-switch  interconnects. 

■  Maxxan  announced  two  virtual 
tape  systems  that  use  disk  to  emu¬ 
late  tape  libraries.  The  SVT200  virt¬ 
ual  tape  system  is  a  blade  that  fits 
in  Maxxan's  MXV320  Intelligent 
Application  Switch.  The  SVT100  is  a 
stand-alone  appliance  for  midrange 
storage  environments.  Both  use 
FalconStor’s  IPStor  Virtual  Tape 
Library  software.  They  use  Fibre 
Channel  to  back  up  and  recover 
data  more  quickly.  The  SVT200  and 
SVT 100  also  work  with  a  variety  of 
back-up  applications  from  Computer 
Associates,  HP,  Legato  Systems  and 
Veritas  Software,  among  others.  The 
appliance  and  blade  are  priced 
starting  at  $39,000  and  $34,000, 
respectively. 

■  Stonefly  Networks  s  announcing 
Stonefly  Backup  Advantage.  The 

suite  of  products  includes  a  Stonefly 
Storage  Concentrator  i3000,  Comm- 
vault's  Galaxy  Express  backup,  an 
iSCSI  driver,  IT  byte  of  Advanced 
Technology  Attachment  storage  and 
remote  data  replication  capability. 
Stonefly  Backup  Advantage  starts 
at  $29,800. 


■  BY  JENNIFER  MEARS 

Increasingly  businesses,  government  enti¬ 
ties  and  schools  are  starting  to  look 
beyond  Windows,  which  IDC  says  securely 
dominates  the  desktop  market  with  a  94% 
market  share.  Instead  they’re  considering 
running  Linux  as  their  client  operating 
environment.  But  the  move  is  a  slow  one. 

While  organizations  see  big  cost  savings 
in  casting  off  proprietary  licensing  fees, 
many  challenges  remain,  including  the 
lack  of  application  support  and  a  reluc¬ 
tance  within  companies  to  move  from  an 
established  operating  system  to  one  that 
is  unfamiliar. 

An  SG  Cowen  survey  of  more  than  500 
North  American  companies  last  year 
found  that  of  the  80%  of  respondents  that 
were  using  Linux,  only  15%  were  using  it 
on  the  desktop. 

“While  that  may  sound  healthy,  it  repre¬ 
sents  less  than  5%  of  the  PCs  across  the 
whole  survey  base,  and  less  than  0.5%  of 
the  PCs  among  larger  organizations,”  the 
report  says. 

But  interest  is  growing,  as  vendors  such 
as  Sun  and  Novell  focus  on  their  Linux 
desktop  offerings.  IBM  also  sees  budding 
demand,  and  an  internal  memo  leaked  to 
the  press  in  January  indicated  that  Big 
Blue  planned  to  move  all  employee  desk¬ 
tops  to  the  open  source  operating  system 
by  2005.  A  spokeswoman  downplays  the 
company’s  intent. 

“We  have  no  plans  in  place  to  migrate 
all  our  employees  to  Linux  desktops.  We 
have  just  begun  the  work  to  determine 
whether  this  might  make  sense,”  she  says. 

But  it’s  important  to  note  that  IBM  is 
looking  at  Linux  as  a  client  operating  sys¬ 
tem.  Users  say  there  are  some  real  bene¬ 
fits.  Governments  in  particular  are  turn¬ 
ing  to  Linux  for  cost  savings,  as  well  as  for 
reliability  and  stability.  And  with  Linux, 
customers  are  not  tied  to  a  predeter¬ 
mined  package  of  desktop  tools  and  can 
mix  and  match  according  to  their  needs. 
Linux  runs  a  variety  of  open  source  pro¬ 
grams,  including  Gnome,  K  Desktop  En¬ 
vironment  (KDE),  StarOffice  and  Open- 
Office  productivity  suites;  Mozilla  brows¬ 
er;  and  Evolution  mail  and  calendar. 

Four  years  ago,  the  city  of  Largo,  Fla., 
decided  to  expanded  its  use  of  Linux, 
which  was  deployed  on  servers  in  the  late 
1990s,  to  reduce  the  costs  associated  with 
running  a  Unix  client  operating  system. 

See  Linux,  page  16 


■  BY  ANN  BEDNARZ 

NEW  YORK  —  Revenue  growth  is  the  top 
corporate  priority  but  a  lack  of  technology 
tools  and  skills  stands  in  the  way  of  achiev¬ 
ing  it,  according  to  a  new  IBM  study 

IBM’s  Business  Consulting  Services  divi¬ 
sion  surveyed  456  CEOs,  a  majority  through 
in-person  interviews,  to  catch  a  glimpse 
into  corporate  planning  agendas.  Among 
the  respondents,  80%  say  increasing  rev¬ 
enue  is  their  primary  objective.  Notably  the 
push  for  revenue  growth  has  supplanted 
cost-cutting  efforts,  which  dominated  CEO 
agendas  in  recent  years. 

As  economic  trends  have  begun  to 
improve,  CEOs  are  satisfied  with  the  cost- 
containment  measures  put  in  place  over 
the  last  two  years  and  are  ready  to  focus 
more  aggressively  on  new  opportunities, 
IBM  says.  Achieving  growth  won’t  be  easy 
however.  One  obstacle  is  a  perceived  lack 
of  responsiveness.  Most  CEOs  say  their 
companies  are  not  agile  enough  to  identify 
and  chase  new  market  opportunities. 

Among  respondents,  80%  cite  the  ability 


to  respond  rapidly  to  changing  market 
forces  as  a  high  priority  in  the  next  few 
years.  Only  13%  of  CEOs  rate  their  organi¬ 
zations  as  “very  responsive”  to  changing 
business  conditions.  In  addition,  43%  of 
CEOs  rate  their  company’s  change-man¬ 
agement  record  as  unsuccessful. 

Joseph  Reiser,  CEO  at  Locus  Pharma¬ 
ceuticals  in  Blue  Bell,  Pa.,  says  it’s  a  chal¬ 
lenge  to  be  responsive.  The  nature  of  the 
pharmaceutical  industry  requires  Locus  to 
anticipate  patient  needs  and  commit 
research-and-development  resources  to 
particular  drug  design  projects  years 
before  the  drugs  will  become  available  to 
consumers.  . 

Technology  helps  the  company  com¬ 
press  the  time  and  cost  of  drug  develop¬ 
ment  —  although  it’s  still  a  massive  under¬ 
taking  that  can  cost  up  to  $1  billion  for  one 
drug.  Locus  recently  signed  a  deal  with 
IBM  to  outsource  some  computation  work 
that’s  done  on  a  2.3  teraflop  IBM  super¬ 
computer.  Locus  needs  the  supercomputer 
to  perform  continually  evolving  design 

See  IBM,  page  16 
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Patching:  The  cure  that's  worse  than  the  disease? 


You  might  be  familiar  with  the  cliche 
that  the  cure  can  be  worse  than  the 
disease.  When  it  comes  to  patching 
software,  Microsoft’s  David  Aucsmith  now 
appears  to  be  saying  that  the  cure  is  fre¬ 
quently  the  cause  of  the  disease. 

Addressing  the  E-Crime  Congress  orga¬ 
nized  by  Britain’s  National  Hi-Tech  Crime 
Unit,  Aucsmith  —  of  Redmond’s  Security 
business  unit  —  was  reported  by  the  BBC 
to  say  that  crackers  are,  essentially,  lazy 
louts  who  wait  for  a  security  patch  to  be 
released  and  then  reverse-engineer  it  to 
find  the  vulnerability  Unpatched  systems 


then  can  be  compromised.  He  cited  the 
recent  critical  problem  dubbed  “ASN.l,” 
which  was  discovered  in  July  2003  but  for 
which  a  patch  wasn’t  issued  until  last 
month.  He  said  the  first  exploit  of  the  vul¬ 
nerability  didn’t  occur  until  three  days  after 
the  patch  was  released. 

Following  his  argument  to  its  invariable 
conclusion,  it  would  appear  that  the  best 
course  would  be  never  to  issue  a  patch  at 
all.  That  way  the  lazy  crackers  would  have 
nothing  to  work  with. 

I’ll  go  along  with  the  thought  that  most  of 
today’s  nefarious  hackers  (and  they  have 
brought  into  ill  repute  what  was  once  a 
term  of  respect)  are  lazy.  But  I  think  they’re 
too  lazy  even  to  do  a  spot  of  reverse-engi¬ 
neering.  All  they  need  to  do  is  to  read  the 
Microsoft  Knowledgebase  article  detailing 
the  extent  and  cause  of  the  vulnerability  to 
help  them  create  an  exploit  by  adapting 


someone  else’s  real  hacking  work. 

The  BBC  (www.nwfusion.com,  Doc- 
Finder:  1024)  also  quoted  Aucsmith  as  say¬ 
ing  “We  have  never  had  vulnerabilities 
exploited  before  the  patch  was  known.” 
But  a  few  paragraphs  later,  the  story  reports 
that  Aucsmith  said  he  could  only  think  of 
one  instance  when  a  vulnerability  was 
exploited  before  a  patch  was  available. 
There’s  a  long  way  from  a  categorical 
“none”  to  an  admission  of  one  and  the 
actual  truth,  which  is  “at  least  a  handful.” 

His  solution,  by  the  way  wasn’t  to  stop 
issuing  patches  but  for  users  to  apply  them 
more  quickly  so  as  to  limit  the  window  the 
lazy  crackers  have  to  do  damage.  All  that’s 
left  is  for  Aucsmith  to  tell  us  how  to  limit 
the  damage  ill-advised  patches  often  do. 

Kearns,  a  former  network  administrator,  is  a 
freelance  writer  and  consultant  in  Silicon 


Valley.  He  can  be  reached  at  wired@ 
vquill.com. 


Tip  of  the  Week 


Steve  Ballmer  is  always 
good  for  a  catchy  line, 
f  but  rarely  one  that  NetWare 
cC  stalwarts  might  agree  with. 

A  But  in  telling  Canada’s 
eChannelLine  (DocFinder: 

A  1025)  why  Windows  was  the 
;  C  only  viable  operating  sys- 
A  tern,  he  dismissed  NetWare 
by  saying  "even  Novell  is  try¬ 


ing  to  get  off  of  the  Novell 
platform  and  onto  Linux." 


Linux 
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“New  applications  and  open 
source  software  were  becoming 
available  on  Linux,”  says  Harold 
Schomaker,  the  city  of  Largo’s  IT 
manager  and  CIO.  “This  makes  it 
easier  to  replace  servers  once 
they  have  reached  end  of  life 
[because  Linux  can  run  on  multi¬ 
ple  hardware  platforms] .  Also,  the 
staff  skill  set  migrated  fairly  easily’ 

The  city  had  tested  Windows, 
but  because  many  of  its  applica¬ 
tions  ran  on  Unix,  the  city  had  to 
use  Citrix  Unix  Integration  Ser¬ 
vices  to  emulate  the  applications 
on  the  Windows  PCs.  There  were 
just  too  many  headaches, 
Schomaker  says. 


With  city  employees  connecting 
through  thin  client  devices  to  a 
Linux  desktop  they  now  have 
access  to  all  the  applications  they 
need,  whether  they  are  open 
source,  Unix  or  Windows-based. 

“Since  we  deliver  every  applica¬ 
tion  regardless  of  platform  to  the 
desktop  through  the  thin  client, 
[Linux]  makes  it  really  easy” 
Schomaker  says.  With  Linux,  no 
emulation  code  is  necessary  to 
connect  into  heterogeneous  ap¬ 
plications,  he  adds. 

Schomaker  says  Linux  provides 
better  stability  and  lets  him  avoid 
the  headache  of  installing  fre¬ 
quent  patches  as  he  would  with 
Microsoft. What’s  more,  with  Linux 
running  in  a  thin  client  environ¬ 
ment,  the  city  saves  as  much  as 


$400,000  per  year. 

Despite  possible  cost  savings, 
some  organizations  turn  away 
from  Linux  on  the  desktop  be¬ 
cause  they  consider  it  “too  techie.” 
In  an  effort  to  get  around  that 
image,  the  open  source  commu¬ 
nity  is  working  to  make  interfaces 
for  Linux  desktops  more  user- 
friendly  For  example, the  KDE  pro¬ 
ject,  recently  released  the  latest 
version  of  its  open  source  desk¬ 
top  environment  with  features  to 
improve  usability  and  perfor¬ 
mance.  Some  Linux  desktop  dis¬ 
tributions  —  the  SuSe  Linux 
Desktop,  for  one  —  support 
Microsoft  Office,  which  makes  the 
transition  to  Linux  less  painful  for 
end  users. 

IDC  predicts  that  Linux  in  both 


lilt's  been  harder  to  find  good 
technical  talent  over  the  last  18 
to  24  months.  1 1 


Bill  Pence 

CTO,  Napster 
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algorithms  that  only  get  more 
complex,  Reiser  said  at  an  IBM 
event  that  announced  the  survey 
results.  “Cost-cutting  your  way  to 
success  just  isn’t  an  option,”  Reiser 
said. 

Skills  deficiencies  also  pose  an 
obstacle  to  achieving  revenue 
growth,  according  to  survey 
respondents.  About  60%  of  CEOs 
said  the  major  barrier  to  manag¬ 
ing  change-related  projects  is  lim¬ 
ited  internal  skills  and  leadership 
resources. 

Bill  Pence, CTO  of  online  music 
company  Napster  in  Los  Ang¬ 
eles,  agrees.  “It’s  been  harder  to 
find  good  technical  talent  over 
the  last  18  to  24  months,”  Pence 
said  at  the  IBM  event.  In  years 
past,  the  company  had  more 
qualified  applicants  than  it 
needed,  he  said. 


The  survey  results  will  help  IBM 
set  its  own  priorities  for  future 
investments,  said  Ginni  Rometty 
managing  partner  of  IBM  Busi¬ 
ness  Consulting  Services.  It  also 
confirms  ongoing  investments 
IBM  has  made  in  areas  such  as 
business  analytics,  telematics  and 
radio  frequency  identification 
technology  she  said. 

“It’s  heartening  to  hear  CEOs 
telling  us,  indeed,  they  are 
going  after  growth  and  want  to 
leverage  all  this  information 


and  connectivity  that  is  emerg¬ 
ing  to  be  more  responsive,” 
added  Irving  Wladawsky-Berger, 
IBM’s  vice  president  of  technol¬ 
ogy  and  strategy.  “Eighteen 
months  ago,  when  we  launched 
the  On  Demand  initiative,  these 
are  the  kind  of  market  condi¬ 
tions  and  requirements  we  were 
hoping  for.” 

IBM  produced  the  CEO  survey 
with  support  from  Economist 
Intelligence  Unit  and  Nikkei 
Research.  ■ 


server  and  client  operating  envi¬ 
ronments  will  continue  to  grow  at 
a  faster  rate  than  any  other  oper¬ 
ating  environment.  On  the  client 
side,  paid  shipments  of  Linux  held 
a  1.7%  share  in  2000,  but  grew  to 
2.8%  in  2002,  a  tenth  of  a  percent 
behind  Apple.  IDC  predicts  that 
Linux  will  be  in  the  No.  2  spot 
when  the  2003  data  is  tabulated, 
says  Dan  Kusnetzky  vice  presi¬ 
dent  of  system  software  at  IDC. 

The  Open  Source  Development 
Labs  (OSDL),  a  consortium  fo¬ 
cused  on  honing  Linux  for  corpo¬ 
rate  use,  recently  formed  a  desk¬ 
top  Linux  working  group  with  the 
aim  of  creating  a  framework  to 
help  IT  managers  deploy  Linux  as 
a  client  operating  system.  The 
working  group  was  created  in 
response  to  the  organization’s 
user  advisory  council,  made  up  of 
Global  500  companies.  Tim 
Witham,  OSDL  lab  director,  says 
the  companies  in  the  user  advis¬ 
ory  council  all  are  doing  some 
type  of  prototype  deployment 
with  Linux  on  the  desktop.  He 
declined  to  say  who  those  com¬ 
panies  were. 

Freedesktop.org,  HR  IBM,  Intel, 
Novell,  OSDL,  Red  Hat  and  Sun  all 
are  involved  in  the  OSDL  effort. 

“The  ultimate  goal  is  to  make 
sure  that  for  people  who  want  to 
deploy  [Linux  on  the  desktop], 
there  is  in  essence  a  cookbook: 
‘We  know  this  works  and  we  can 
go  forward  with  that,’”  Witham 
says.“An  overall  goal  of  OSDL  is  to 
see  that  [independent  software 
vendors]  are  in  the  position 
where  they  port  once  and  run 
everywhere. ...  I  don’t  think  we’re 
at  that  point  yet.” 

But  things  are  moving  in  that 
direction. 

“Except  for  those  groups  of 


users  within  a  business  who  only 
need  minimal  stuff  like  mail,  word 
processors  and  a  browser,  there 
continues  to  be  reluctance 
because  most  of  the  applications 
they  need  are  not  available  on 
Linux,” says  Bill  Claybrook,an  ana¬ 
lyst  at  Harvard  Research  Group. 
“But  that  will  change.  It’s  changing 
fairly  quickly’ 

In  Austin,  Texas,  the  city  govern¬ 
ment  conducted  a  pilot  project 
last  year  to  test  Linux.  It  currently 
has  5,200  Microsoft  desktop 
licenses.  But  the  city  is  facing  a 
$39  million  projected  deficit  this 
year  and  Linux  desktops  could 
mean  significant  cost  savings, says 
Pete  Collins, Austin’s  CIO.  But  there 
also  are  challenges,  he  adds. 

“When  you’re  looking  at  some 
other  sophisticated  applications 
such  as  police  and  fire  report 
management  systems  or  com¬ 
puter-aided  dispatch  for  public 
safety  —  and  that’s  all  Windows- 
based  —  then  you  start  having 
some  issues,”  Collins  says. 

Collins  says  the  city  is  review¬ 
ing  the  results  of  the  pilot  project 
and  plans  to  make  a  decision  by 
year-end. 

Analysts  say  the  biggest  uptick 
in  the  use  of  Linux  as  a  client 
operating  system  is  for  develop¬ 
ers  who  are  writing  Linux  appli¬ 
cations.  But  it  also  is  making 
inroads  for  kiosk  deployments 
and  for  transaction-focused 
workers  in  call  centers  and  retail 
locations.  ■ 
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switch  models) 

Up  to  42  recepta¬ 
cles,  monitored 
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Self-contained  cable 
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Optimizes  heat 
removal  from 
densely  config¬ 
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monitoring  of  temper¬ 
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Rack-optimized  design 
with  configure-to-order 
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speed  installation. 
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Scalable,  modular  and 
manageable  UPS  with  N+1 
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critical  physical  infrastructure 


An  on-demand  architecture  for  network- 
critical  physical  infrastructure  (NCPI*), 
InfraStruXure™  speeds  the  specification, 
design,  and  installation  of  IT  environments. 
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Traditional  data  centers  are 

built  out  for  future  capacity  and 
require  a  large  amount  of  floor 
space  that  could  be  otherwise 
utilized.  High  power  density  racks 
create  dangerous  hot  spots. 


process  and  a  configure-to-order  approach,  InfraStruXure's 
rack-based,  standardized  modules  provide  you  with  a  pre-tested, 
integrated  system  that  assembles  in  a  matter  of  hours. 

APC  InfraStruXure  is  built  for  speed  and  more:  system  resiliency, 
lower  cost,  higher  availability.  So,  if  you're  looking  to  deploy  your 
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directly  where  it  is  needed,  eliminating 
dangerous  hot  spots. 


servers  in  days,  look  no  further  than  InfraStruXure. 
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Microsoft's  long  road  to  security 

Company  makes  progress,  but  experts  and  users  say  it  still  has  a  long  way  to  go. 


■  BY  JOHN  FONTANA 


Two  years  after  Microsoft  Chief  Software 
Architect  Bill  Gates  vowed  the  company 


■  Microsoft  and  eBay  last  week 
delivered  tools  that  enable  links  be¬ 
tween  the  2003  editions  of  Excel  and 
FrontPage  and  the  eBay  online  auc¬ 
tion  service.  The  tools  will  let  frequent 
users  of  eBay's  service  manage  their 
auctions  using  Excel,  including  the 
ability  to  analyze  sales  and  upload 
multiple  listings  at  once,  Microsoft 
says.  FrontPage  users  will  be  able  to 
display  information  from  eBay  on  Web 
sites  created  using  FrontPage.  The 
tools  take  advantage  of  XML  capabili¬ 
ties  in  the  2003  editions  of  Excel  and 
FrontPage,  and  Web  services  APIs 
made  available  by  eBay.  The  tool  set 
for  Office  2003  will  be  offered  on 
eBay's  developer  Web  site 
(www.developer.ebay.com)  and  the 
Microsoft  Developer  Network  site. 

■  BMC  Software  last  week  upgraded 
its  mainframe  management  soft¬ 
ware  with  features  that  will  give 
bandwidth  and  capacity  priority  to 
mission-critical  IP  applications  run¬ 
ning  on  a  mainframe.  Mainview  for 
IP  2.2  lets  customers  apply  rules  and 
policies  to  IP-based  applications. 

BMC  acquired  Mainview  from  Boole 
and  Babbage  in  1998.  The  software  is 
installed  on  a  mainframe,  and  once 
configured  and  activated,  it  will  begin 
reporting  on  application  metrics  such 
as  number  of  IP  packets,  bytes  and 
sessions.  Also  this  week  BMC  is  set 
to  upgrade  its  Mainview  for  CICS 
(Customer  Information  Control 
System)  software  with  a  feature 
called  application  delay  analysis  that 
can  pinpoint  CICS  applications  per¬ 
forming  badly  and  prevent  any  slow¬ 
down  to  business  services.  Mainview 
for  IP  starts  at  $24,000.  Mainview  for 
CICS  starts  at  $33,000. 


was  making  security  its  top  job,  users  and 
experts  say  progress  has  been  measurable 
but  that  a  lot  more  work  has  to  be  done. 

“There  is  a  long  way  to  go  to  make  it  eas¬ 
ier  for  administrators  to  keep  their  net¬ 
works  secure,”  says  Russ  Cooper,  moderator 
of  the  NTBugtraq  mailing  list  and  surgeon 
general  for  security  company  TruSecure. 

Some  say  Windows  must  be  simplified  or 
transformed  with  a  major  code  overhaul, 
that  an  alternative  to  pushing  out  patches 
might  be  needed  and  that  automated 
patch  management  will  have  to  show  it’s 
secure  before  it  can  help  improve  security 

Some  say  Microsoft  also  must  focus  on 
shoring  up  older  software  such  as 
Windows  2000,  given  that  the  next  major 
release  of  the  operating  system,  code- 
named  Longhorn,  isn’t  expected  to  ship 


■  BY  JASON  MESERVE 

Broadcast  International  is  looking  to 
redefine  the  way  audio  and  video  is  com¬ 
pressed  with  CodecSys,  a  new  compres¬ 
sion  method  that  uses  the  best  qualities  of 
multiple  coder/decoders  to  shrink  the  size 
of  multimedia  files,  reducing  storage 
requirement  and  delivery  bandwidth  while 
maintaining  quality 

Codecs  such  as  those  from  Microsoft 
(Windows  Media)  and  RealNetworks  han¬ 
dle  every  frame  or  scene  of  video  with  the 
same  compression  algorithm.  CodecSys 
analyzes  each  frame/scene  to  determine 
which  codec  is  best  suited  to  compress  it. 
Three  consecutive  frames  of  video  might 
use  three  different  compression  tech¬ 
niques.  Instead  of  the  corporate  training 
video  being  all  MPEG-2,  it  might  consist  of 
five  different  codecs.  Audio  can  be  han¬ 
dled  in  a  similar  fashion  with  different 
codecs  handling  voice  and  music. 

Broadcast  International  says  its  compres¬ 
sion  is  10  times  better  than  that  of  MPEG-2, 
the  standard  used  in  DVDs  and  television. 
This  translates  to  a  2-hour  full-screen  movie 
being  stored  on  a  256M-byte  memory  stick 
rather  a  5G-byte  DVD  disc,  Rod  Tiede,  pres¬ 
ident  and  CEO  of  Broadcast  International, 
says.  He  also  says  CodecSys  can  deliver 
high-definition  television  at  4M  byte/sec 
instead  of  the  19.2M  byte/sec  used  in 


until  2006  or  2007. 

And  foremost,  Microsoft,  which  is  a  col¬ 
lection  of  autonomous  product  groups, 
must  learn  to  work  as  one  company  when 
solving  security  issues. 

“They  are  now  seeing  that  coordination 
across  the  entire  company  takes  a  lot  of 
time,”  says  Michael  Cherry,  an  analyst  with 
Directions  on  Microsoft,  an  independent  re¬ 
search  firm. “Installing  one  product  should 
not  undo  security  of  another  product.” 

Cherry  says  security  is  driving  change 
because  it  hit  Microsoft  on  the  bottom  line. 
“The  money  companies  spend  fixing  these 
problems  is  money  they  can’t  spend  on 
new  products.” 

Critics  and  end  users  say  Microsoft  will 
make  some  progress  in  the  coming  months 
when  it  ships  Service  Pack  2  for  Windows 


■ 

PROFILE- 

BROADCAST  INTERNATIONAL 

Location:  Salt  Lake  City 

Founded:  1984 

Management:  Rod  Tiede,  president 
and  CEO;  Ken  Moore,  executive  vice 
president  and  CTO. 

Product:  CodecSys 

Product  type:  An  audio/video  com¬ 
pression  algorithm  that  uses  multiple 
codecs  to  compress  a  single  file. 

Employees:  55 

Fast  fact:  Broadcast  International 
served  up  the  unaccredited  media 
center  in  Park  City,  Utah,  for  the  2002 
Winter  Olympics. 

today’s  broadcasts. 

“Whatever  approach  you  use  to  deal  with 
digital  images,  there  will  always  be  some 
trade-off,”  says  Adi  Kishore,  media  and 
entertainment  analyst  at  The  Yankee 
Group.  “By  using  this  approach,  they  have 
the  best  of  many  worlds.” 

Broadcast  International  uses  a  propri¬ 
etary  software  player  to  decode  and  dis¬ 
play  content  encoded  with  CodecSys,  but 
plans  to  develop  it  into  a  plug-in  for  a  main¬ 
stream  media  client  such  as  Windows 


XP  which  is  designed  to  make  the  operating 
system  more  resilient  by  turning  off  some 
features  by  default  and  makes  available  a 
set  of  new  patch  management  tools,  includ¬ 
ing  new  installer  and  updating  software. 

Those  improvements  come  in  addition  to 
those  in  Windows  Server  2003,  including 
additional  security  features  to  lock  down 
key  components  such  as  Active  Directory 
and  Internet  Information  Server. 

However,  all  these  improvements,  accord¬ 
ing  to  some,  might  be  feeding  the  problem. 

“They  are  layering  on  more  complexity, 
not  simplifying  the  code  to  make  it  more 
secure,”  says  Dan  Blum,  an  analyst  with 
Burton  Group.  It’s  a  philosophy  Microsoft 
seems  to  have  failed  at  when  it  introduced 
its  first  major  security  push  in  1999  with  its 
See  Microsoft,  page  22 


Media  Player  so  potential  users  do  not 
have  to  install  and  learn  yet  another  appli¬ 
cation.  Tiede  also  says  the  company  is 
working  on  getting  the  CodecSys  decoder 
embedded  into  a  digital  signal  processing 
chip  for  use  in  cable  boxes,  satellite 
receivers  and  cell  phones  where  process¬ 
ing  power  is  at  a  premium. 

At  next  month’s  National  Association  of 
Broadcasters  show,  Broadcast  Inter¬ 
national  is  scheduled  to  demonstrate 
CodecSys  in  a  $3,000  set-top  videoconfer¬ 
encing  appliance  called  Interactive  Video. 
Tiede  says  the  device,  which  runs  on 
Linux  and  is  H.323  compatible,  can  deliv¬ 
er  full-screen  TV  video  at  100K  bit/sec, 
about  one-third  the  bandwidth  that  tradi¬ 
tional  video  endpoints  use.  The  100K 
bit/sec  works  only  between  two  Interac¬ 
tive  Video  endpoints,  not  any  H.323 
device. 

Despite  its  promise,  CodecSys  will  not 
be  an  overnight  success.“Initially  it  won't 
replace  anything  outright,”  says  Michael 
Hoch,  an  independent  analyst.  “What  I 
would  like  to  see  happen  is  compression 
becoming  much  more  under  the  covers 
with  something  like  CodecSys,  so  that 
when  you  go  to  a  customer  you’re  not  sell¬ 
ing  them  on  MPEG-1,  MPEG-2  or  Windows 
Media,  you  just  sell  them  on  your  video 
system,  and  the  customer  gets  the  best 
compression  available.”  ■ 


Putting  the  squeeze  on  audio/video 
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Vendors  set  to  advance  security  plans 

Sun,  Cisco  and  IBM  ready  technologies  designed  to  reduce  impact  of  attacks. 


■  BY  ELLEN  MESSMER 

Vendors  are  pursuing  a  variety  of  security 
initiatives  intended  to  rein  in  the  worst 
effects  of  problems  such  as  worm  attacks, 
which  sometimes  scan  at  ferocious  speeds 
for  vulnerable  machines. 

Sun  recently  gave  a  sneak  peek  into 
security  features  that  will  go  into  the  next 
version  of  Solaris,  promising  customers  a 
more  fault-tolerant  system  and  greater 
resistance  to  intrusions  when  Solaris  10.0 
comes  out  by  year-end. 

Solaris  10.0  will  use  a  fault-isolation  tech¬ 
nology  called  “n  1  grid  containers”  intend¬ 
ed  to  help  keep  multiple  applications  run¬ 
ning  smoothly  says  Ravi  Iyer,  Sun’s  group 
manager  for  software  systems  security 
Each  container  will  work  like  a  mini-oper¬ 
ating  system  for  an  application  process,  so 
that  if  the  application’s  mini-operating  sys¬ 
tem  fails,  the  entire  operating  system  does¬ 
n’t  go  down. 

“It’s  a  form  of  resource  isolation,”  Iyer  says, 
noting  that  IBM  and  HP  have  made  use  of 
similar  approaches. 

IBM  Director  of  Security  Chris  O’Connor 
says  IBM’s  mainframe  and  AIX  operating 
systems  have  long  had  “multiple  logical 
partitions,  each  representing  a  separate 
machine.”  He  notes  that  this  not  only  helps 


in  maintaining  uptime  when  one  partition 
and  its  application  and  operating  system 
fail,  but  also  allows  for  differ¬ 
ent  security  considerations  in 
each  partition. 

Sun  also  intends  to  debut 
other  security  strengths  in 
Solaris  10.0,  including  a  cryp¬ 
tography  framework  that 
would  support  a  variety  of 
encryption  algorithms  that 
could  be  used  with  applica¬ 
tions  for  authentication  and 
encryption. 

“We  want  application  ven¬ 
dors  writing  to  our  cryptogra¬ 
phy  framework,”  Iyer  says.  A 
few  years  ago  Microsoft  intro¬ 
duced  a  Windows-based  cryp¬ 
tography  framework  called 
Crypto  APIs,  which  also  required  vendor 
support  in  applications. 

Sun  also  will  be  adding  what  it  calls  “pro¬ 
cess  rights  management”  to  Solaris  10.0,  a 
form  of  security  protection  already  said  to 
be  built  into  Trusted  Solaris,  the  hardened 
version  of  its  operating  system  typically 
used  by  the  U.S.  Department  of  Defense  or 
financial  firms  to  process  sensitive  data. 

Process  rights  management  works  by  hav¬ 
ing  a  set  of  profiles  in  the  operating  system 


that  limit  access  to  the  home  directory  spe¬ 
cific  files  or  server  by  certain  applications. 

“If  a  process  is  compro¬ 
mised,  such  as  a  Web  server 
by  a  buffer  overflow,  the 
attacker  may  have  access  to 
the  system,  but  it  limits  the 
ability  to  move  around,”  Iyer 
says. 

Meanwhile,  Cisco’s  Network 
Admission  Control  (CNAC) 
program,  announced  last  No¬ 
vember,  is  set  to  begin  its  first 
beta  tests  this  month,  says  Jeff 
Platon, Cisco’s  director  of  mar¬ 
keting  for  the  product  and 
technology  group  for  security 
CNAC  includes  the  newly 
developed  Cisco  Trust  Agent, 
which  is  made  up  of  a  few 
hundred  lines  of  code  that  resides  on  desk¬ 
tops  and  servers.  With  the  agent,  those 
devices  can  cordon  off  infected  machines 
through  interaction  with  Cisco  routers  and 
Access  Control  Server.  The  Trust  Agent  — 
which  eventually  will  be  integrated  into 
Cisco’s  Security  Agent  behavior-blocking 
software  —  is  designed  to  interact  with  anti¬ 
virus  software  from  Network  Associates, 
Symantec  and  Trend  Micro  to  enforce  virus- 
signature  updates.  The  Trust  Agent  also  will 


check  on  the  need  for  software  patches. 

Cisco  has  faced  criticism  that  CNAC  is 
too  proprietary  and  in  response,  the  com¬ 
pany  is  promising  that  the  basic  design 
specifications  will  be  offered  as  a  public 
standard. “All  intellectual  property  [associ¬ 
ated  with  CNAC]  will  be  brought  to  a  stan¬ 
dards  community  such  as  IEEE  or  IETE’ 
Platon  says. 

IBM,  which  this  month  announced  it  has 
joined  the  CNAC  effort,  strongly  supports 
making  CNAC-developed  technologies 
more  widely  available.“We  try  to  validate  a 
concept  with  a  trusted  set  of  partners  but 
we  support  pushing  that  work  out  into  the 
open  standards  community  for  broader 
adoption,”  IBM’s  O’Connor  says. 

IBM,  which  intends  to  integrate  the  CNAC 
network  quarantine  technology  into  IBM 
Tivoli  products,  also  is  working  on  a  new 
line  of  security-compliance  software  prod¬ 
ucts  “that  will  check  the  operating  system 
and  server  health,”  O’Connor  says. 

While  IBM  is  expected  to  formally  unveil 
this  product  line  this  spring,  O’Connor’s 
preview  indicates  that  the  IBM  compliance 
line  will  be  able  to  inspect  the  operating 
system  or  application  for  a  range  of  vulner¬ 
abilities  or  security-policy  checks  to  indi¬ 
cate  remediation  requirements  or  a  good 
bill  of  health.  ■ 


Cisco's  Jeff  Platon  says 
the  vendor's  security 
package  is  becoming 
less  proprietary  and  will 
be  offered  of  the  stan¬ 
dards  community. 


NETWORKWORLD 
TECHNOLOGY  TOUR 

BACKSTAGE 

WITH  MARK  GIBBS 


Network  World  launches  its  newest  Technology  Tour, 

“ Messaging  and  spam:  From  chaos  to  control,"  later 
this  month.  Keynoting  the  tour  is  Network  World 
Columnist  Mark  Gibbs.  Network  World  Events  Editor 
Sandra  Gittlen  recently  spoke  with  Gibbs  about  the 
dire  effect  spam  and  other  issues  are  having  on  elec¬ 
tronic  messaging. 


The  state  of  electronic  messaging  is  in  disarray  thanks  to  spam, 
liability  issues  and  loss  in  productivity.  What  do  you  see  as  the 
breaking  point  for  electronic  messaging? 

The  breaking  point  for  general  electronic  messaging 
between  corporations  and  the  rest  of  the  world  would 
occur  when  spam  reaches  the  ‘magic  threshold.’This  is 
the  point  at  which  the  value  of  SMTP  messaging  becomes 
so  low  that  it  has  no  effective  business  relevance.  But  this 
will  depend  on  how  good  we  get  at  filtering  spam  out. 

Abandoning  e-mail  will  not  be  an  option.  For  power 
users  who  are  customer-facing  there  won’t  be  a  choice  — 
'  •  many  businesses  the  value  of  communicating  with 
"  umers  through  e-mail  is  so  significant  that  there  is  no 
way  to  onceive  of  stopping. 

On  the  other  hand,  where  the  power  user  is  communi¬ 
cating  with  external  business  partners,  both  corporate 
and  personal  whitelists  will  become  a  powerful  tool  to 


control  the  volume  of  spam. 

There  are  many  companies  that  claim  to  solve  the  spam  prob¬ 
lem.  Can  the  spam  problem  ever  be  completely  solved? 

The  spam  problem  can  never  be  completely  solved 
because  there  will  always  be  a  gray  area  where  one 
man’s  meat  is  another  man’s  spam.  A  reasonable  target  for 
spam  detection  should  be  99%  —  the  goal  is  to  contain 
the  scale  of  spam. 

Do  you  see  the  face  of  electronic  messaging  changing  drastical¬ 
ly?  Will  we  someday  be  communicating  over  a  system  that  looks 
nothing  like  the  one  we  have  today?  Or  will  we  continue  to  make 
modifications  to  today's  e-mail  architecture? 

I  would  put  cold,  hard  cash  on  the  future’s  messaging 
systems  being  based  on  an  evolutionary  path  that  is 
based  on  today’s  standards  —  we  have  too  much  infra¬ 
structure  that  supports  and  relies  on  SMTRPOP3  and 
[Internet  Message  Access  Protocol]  to  dispose  of. This 
means  that  the  only  viable  alternative  is  to  morph  these 
standards  into  architectures  that  are  progressively  more 
mature  in  how  they  deal  with  spam  and  at 
the  same  time  allow  for  backward 
compatibility 

Where  does  instant  messaging  and  similar  types 
of  communication  fit  into  the  picture?  Already 
we're  hearing  about  spam  INI  or  'spim.'  Seems 
like  one  more  headache  for  IT  departments  to 
deal  with. 

Every  advance  in  digital  communica¬ 
tions  gives  rise  to  new  headaches  (and  for 
that  matter,  migraines).  Instant  messaging 
is  no  different.  IM’s  role  is  as  a  counter¬ 
point  to  store-and-forward  messaging  —  it 


provides  real-time  connection  and  presence  but 
demands  more  attention  than  email.  I  see  IM  becoming 
as  much  of  a  standard  as  e-mail  and  the  two  systems 
becoming  closely  related  in  normal  business  communi¬ 
cation.  Spim  is  a  consequence  of  the  openness  of  IM 
systems,  but  given  IM’s  relative  youth  it  is  likely  that  the 
problem  will  be  addressed  before  it  becomes  out  of 
control  as  spam  has  become. 

What  are  five  things  network  managers  can  do  to  get  their  elec¬ 
tronic  messaging  houses  in  order?  How  can  they  start  to  re-eval¬ 
uate  their  systems? 

First,  network  managers  need  an  in-depth  understand¬ 
ing  of  how  their  organizations  communicate  and  how  the 
organization  wants  to  communicate  in  the  future.Then 
they  need  to  understand  how  their  current  systems  func¬ 
tion  with  respect  to  current  and  future  needs.Third,they 
need  to  analyze  the  impact  that  spam  is  having  and  tie 
that  down  to  real  costs.  Fourth,  knowing  what  is  wrong 
they  need  to  understand  what  solutions  exist  and  how 
those  solutions  can  be  applied  to  their  particular  circum¬ 
stances.  Finally,  they  need  to  integrate  all  of 
the  information  they  gathered  in  the  first 
four  steps,  and  build  an  argument  that 
they  can  take  to  senior  management  to  get 
the  budget  to  install  solutions. 

What  the  Network  World  Messaging  Tour 
will  help  them  with  is  in  understanding  and 
articulating  their  problems  and  in  learning 
how  their  problems  can  be  addressed. 

We’ll  be  slicing  and  dicing  messaging 
technology  from  architectures  through 
spam  to  content  control  and  even  run 
through  financial  modeling  to  build  a  case 
for  action.  ■ 


More  online! 

Register  for  the  Messaging  and  Spam 
Technology  Tour. 

DocFinder:  1031 
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Great  Moments  at  Work. 

4:42  pm  You're  not  stopped  in  the 
hall  and  asked  to  pull  yet  another 
up-to-the-second  project  report. 


Introducing  the  new  Microsoft  Office  System. 

Now  users  can  do  more  for  themselves  so  you  can 
focus  on  the  important  things.  That's  because  with 
the  Microsoft®  Office  Project  Server  and  Project 
Professional  2003,  users  have  visibility  into  all  of  their 
projects,  including  integrated  costs  from  business 
systems,  risks,  and  project  documents— all  on  their 
own.  Hallway  chitchat  will  never  be  the  same. 

For  more  information,  go  to  microsoft.com/officelT 


Microsoft  More  than  what  it  used  to  be,  Microsoft  Office  is  now  an 

Office  System  integrated  system  of  programs,  servers,  services,  and  solutions. 


Servers 


Programs 

Access  2003 
Excel  2003 
FrontPage®  2003 
InfoPath™  2003 
OneNote™  2003 
Outlook*  2003 


PowerPoint®  2003 
Project  2003 
Publisher  2003 
Visio®  2003 
Word  2003 


Project  Server  2003 

Live  Communications 
Server  2003 


SharePoint™  Portal 
Server  2003 


Services 

Live  Meeting 
Office  Online 

Solutions 

Solution  Accelerators 


Exchange 
Server  2003 


Enabling  Technologies: 

Windows  Server™  2003,  Windows®  SharePoint  Services, 
Rights  Management  Services 


Office 
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One  of  the  early  dreams  about  the  In¬ 
ternet  seems  to  be  approaching  real¬ 
ity  The  Internet  is  more  democratic 
than  anyone  dared  to  hope  for  a  few  years 
ago. 

There  has  been  a  lot  of  focus  over  the 
past  few  years  on  the  reported  concentra¬ 
tion  of  Internet  content  providers.  It  seems 
like  we  get  another  report  every  few 
months  lamenting  that  most  Internet  con¬ 
tent  comes  from  the  top  10  or  20  sites. 
Frequently  the  commentators  draw  a  par¬ 
allel  with  the  growing  concentration  of 
content  providers  in  more  traditional 
media  such  as  newspapers,  radio  and  TV 
These  laments  are  accurate,  but  they 


The  Internet  as  us 


ignore  some  important  trends. 

The  most  important  development  in 
Internet  content  might  have  been  the 
launching  of  Google  News  a  while  back. 
This  Web  site,  still  tagged  as  being  in  beta, 
is  full  of  automatically  generated  news 
summaries  and  links  to  news  stories.lt  has 
provided  a  window  on  the  ’Net  at  least  as 
important  as  the  basic  Google  (and 
other)  Web  search  sites.  According  to  the 
Web  site, Google  News  continuously  scans 
4,500  news  sources  and  feeds  the  results 
to  a  program  to  determine  what  stories 
might  be  of  interest.  The  note  at  the  bot¬ 
tom  of  the  screen  reminds  the  readers: 
“The  selection  and  placement  of  stories 
on  this  page  were  determined  automati¬ 
cally  by  a  computer  program.” 

This  selection  process  sometimes  results 
in  some  strange  stories  being  headlined, 
but  seems  to  always  result  in  stories  from 
all  over  the  world  being  featured  on  the 
main  page. The  morning  I  wrote  this,  there 


were  32  main  stories,  eight  from  non-U.S. 
sources  and  only  five  from  the  big  news 
wires  such  as  Reuters  and  Bloomberg.  The 
rest  of  the  stories  were  from  a  collection  of 
big  and  small  U.S.  newspapers  and  TV  sta¬ 
tions.  In  addition,  each  of  the  main  stories 
had  links  to  hundreds,  and  in  a  few  cases 
thousands,  of  related  stories.  This  is  unfil¬ 
tered  news  at  its  best. 

Almost  as  important  a  development 
has  been  getting  an  understanding  of 
the  work  of  individual  Internet  users. 
According  to  a  new  report  by  the  Pew 
Internet  and  American  Life  Project, 
almost  half  of  adult  (18  and  older) 
Internet  users  are  Internet  publishers  of 
one  kind  or  another  (see  www.nwfu 
sion.com,  DocFinder:  1026.) 

When  World  Wide  Web  technology  was 
first  developed  in  the  early  1990s, there  was 
a  hope  that  it  would  permit  the  average 
Internet  user  to  also  be  a  content  publisher 
and  bypass  the  filter  that  regular  content 


publishers  must  be  by  definition.  For 
a  while  this  seemed  to  be  the  case,  but 
quickly  the  focus  shifted  to  big  commer¬ 
cial  Web  sites  and  the  role  of  the  individual 
began  to  fade, at  least  in  public  perception. 
The  fact  that  many  broadband  ISPs  started 
to  prohibit  customers  from  running  their 
own  Web  sites  didn’t  help  much.  But  the 
Pew  study  shows  that  the  individual  is  out 
there  on  the  ’Net  (and  thus  can  be  found 
with  Google  and  Yahoo). 

In  spite  of  the  worries  of  many  people, 
and  the  efforts  of  some  governments,  the 
Internet  continues  to  be  an  engine  for 
democracy  The  Pew  report  and  Google 
News  are  examples  of  what  this  means. 

Disclaimer:  Much  of  Harvard  sees  itself  as 
an  engine  for  democracy  but  your  mileage 
might  vary. The  above  is  my  view. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sob.com. 


Security  review 

Microsoft  said  two  years  ago  that  security  would  be  Job  1.  Since  then,  progress  has  been  made  despite  several  notable  vulnerabilities,  but  critics  say 
more  needs  to  be  done. 


Jan.  15,  2002 

Bill  Gates  outlinesTrustworthy 
Computing  initiative  in  e-mail 
to  50,000  Microsoft  employees. 


rJuly  18,  2002 

Gates  sendsTrustwor- 
thy  Computing  memo  to 
customers. 


July  16,  2003 

Patch  for  RPC  buffer 
overrun  released.  Blaster 
worm  hits  26  days  later. 


Oct.  23,  2003 

CFO  John  Connors  admits  that  sales  over  the  past 
three  months  were  weakened  as  corporate  cus¬ 
tomers  dealt  with  security  issues  related  to  Blaster. 


May  2004 

Windows  XP  Service  Pack  2  expected 
to  ship.  Includes  new  security  controls, 
including  many  turned  on  by  default. 


February  2002 

Microsoft  ceases  work  on 
new  products  while  devel¬ 
opers  are  trained  in  how  to 
write  secure  code. 


rJuly  24, 2002 

Patch  for  SQL  buffer 
overrun  vulnerability 
released.  Slammer  worm 
hits  184  days  later. 


Oct.  9,  2003 

In  keynote  at  Partner  Conference, 
CEO  Steve  Ballmer  reiterates 
Trustworthy  Computing  initiative 
and  that  security  is  Job  1. 
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Feb.  10, 2004 

Patch  for  ASN.1  vulnerability  re¬ 
leased.  Some  critics  call  it  the  worst 
vulnerability  ever  discovered  in  Mi¬ 
crosoft’s  software. 


-  May/June  2004 

Microsoft  expected 
to  release  new  and 
updated  patching 
tools. 
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Microsoft 

continued  from  page  19 

Secure  Windows  Initiative  team. 
The  goal  was  to  provide  educa¬ 
tion,  tools,  process  and  testing 
while  not  adding  more  security 
features. 

“It’s  simplicity  vs.  complexity, 
flexibility  vs.  security  Blum  says. 

Others  say  even  more  drastic 
measures  should  be  taken  by 
rewriting  core  code  even  though 
it  would  break  compatibility  with 
most  existing  applications. 

“The  blind  spot  is  the  code  base 
because  it  is  apparent  now  that 
Microsoft  met  ship  dates  of  earlier 
products  by  using  some  sloppy 
code,”  says  John  Kretz,  president 
of  Enlightened  Point  Consulting 
Group,  a  systems  integrator  in 
A ioenix.The  vulnerabilities  can’t 
addressed  with  check  boxes 
.i  default  configurations.  1 
>  i  like  them  to  fix  the  code 
instea: '  changing  defaults." 

ids  a  drastic  measure  that  points 
:  ;  th-  >r.  blem  Microsoft  has  had 


establishing  credibility  for  Trust¬ 
worthy  Computing.  Every  time 
progress  seems  to  be  made, 
Microsoft  gets  shot  in  the  foot. 

Critical  weaknesses 

Gates  sent  customers  his 
original  Trustworthy  Computing 
memo  in  2002,  less  than  a  week 
before  the  patch  was  issued  for 
the  SQL  Server  vulnerability  that 
the  MS-SQL  Slammer  worm  even¬ 
tually  exploited.  CEO  Steve  Ball¬ 
mer  touted  the  gains  of  Trust¬ 
worthy  Computing  to  corporate 
partners  just  a  week  before  seven 
new  critical  vulnerabilities  were 
revealed.  Just  after  the  two-year 
anniversary  of  Trustworthy  Com¬ 
puting,  the  ASN.l  vulnerability 
was  made  public  and  Microsoft 
acknowledged  that  it  had  taken 
more  than  200  days  to  develop 
the  patch  for  a  hole  some  called 
the  worst  ever  discovered. 

And  last  month,  more  embar¬ 
rassing  incidents  occurred,  includ¬ 
ing  a  leak  of  source  code  and  a  fix 
issued  outside  of  Microsoft’s  new 


monthly  patch  cycle  to  correct  a 
bug  in  Internet  Explorer. 

It’s  a  list  that  leaves  users 
cautious. 

“I  can’t  say  if  security  has  gotten 
any  better’’  says  George  Defen- 
baugh,  manager  of  global  IT  infra¬ 
structure  projects  for  petroleum 
company  Amerada  Hess.  “Who 
knows  what’s  out  there  that  has 
not  been  discovered.” 

Despite  the  pockmarks,  Micro¬ 
soft  points  to  progress. 

Win  2003  needed  six  critical  or 
important  patches  in  the  first  300 
days  after  release,  an  83%  drop 
compared  with  the  36  critical  or 
important  patches  issued  in  the 
first  300  days  after  the  release  of 
Win  2000. 

Win  2003  was  the  first  major 
product  that  Microsoft  developed 
under  its  Trustworthy  Computing 
Release  Process,  an  internal  pro¬ 
cess  including  security  design  re¬ 
views.  Office  2003  and  Exchange 
2003  are  some  of  the  20  products 
that  have  been  subjected  to  the 
same  reviews. 


Customers:  Tighten  up  now 

“Our  No.  1  request  from  cus¬ 
tomers  is  to  ship  more  secure 
products,”  says  Jeff  Jones,  senior 
director  of  the  security  and  tech¬ 
nology  business  unit  at  Microsoft. 
“We  think  we  are  on  track  and 
doing  well  in  terms  of  progress.” 

Jones  says  success  in  the  short 
term  and  long  term  will  be  based 
on  writing  more  secure  code, 
developing  protective  technolo¬ 
gies  such  as  personal  firewalls  to 
protect  against  the  spread  of  mali¬ 
cious  code  and  updating  Micro¬ 
soft’s  patching  technology.  “We 
know  we  have  a  lot  of  work  ahead 
of  us,”  he  says. 

The  company  has  formed  a 
number  of  alliances  and  aware 
ness  programs  to  enlist  the  help  of 
partners,  including  the  Virus  In¬ 
formation  Alliance  and  the  Glob¬ 
al  Infrastructure  Alliance  for  In¬ 
ternet  Safety  for  service  providers. 

Software  also  is  on  tap.  Before 
July,  the  company  plans  to  ship 
its  Software  Update  Services  2.0 
and  Microsoft  Update,  both  tools 


for  downloading  patches,  and 
the  Internet  Security  and 
Acceleration  Sever  2004.  In  the 
second  half  of  the  year,  it  will 
ship  Service  Pack  1  for  Win  2003 
and  more  patching  tools.  And 
down  the  road  it  plans  a  secure 
Simple  Mail  Transfer  Protocol 
gateway,  behavior-blocking  tech¬ 
nology  and  the  Next  Generation 
Secure  Computing  Base,  a  com¬ 
bination  of  hardware  and  soft¬ 
ware  to  lock  down  the  operating 
system. 

TruSecure’s  Cooper  says  the 
upcoming  XP  service  pack,  which 
will  turn  on  by  default  the  person¬ 
al  firewall  within  the  operating  sys¬ 
tem,  shows  progress  not  just  in 
technology  but  also  in  attitude. 

“It’s  a  huge  step  forward  turn¬ 
ing  something  on  that  will  break 
legacy  functionality,"  Cooper 
says.  “That  will  create  support 
calls,  and  it  shows  Microsoft 
acknowledges  that  the  security 
risk  is  greater  than  the  annoy¬ 
ance  and  cost  of  all  those  sup¬ 
port  calls."  ■ 


Betty  Johnson 
Vice  President  of  IT 

The  NIA  Group  of  Cos.,  Santa  Cruz,  CA 

Betty  Johnson  is  vice  president  of  Information 
Technology  at  The  Nonprofits  Insurance 
Alliance  (NIA)  Group  of  Companies,  which 
provides  liability  insurance  for  501(c)(3) 
charitable  nonprofit  organizations  in  17  states 
and  Washington,  D.C.  To  her  staff,  she's  an 
IT  hero. 

Her  challenge:  to  design  a  system  that 
fully  integrated  the  Group's  claims  and 
underwriting  processes.  "We  needed  to 
streamline  our  organizational  processes  and 
make  it  easier  for  our  staff  to  do  their  jobs," 
she  says. 

Her  response  was  NIAC2000,  a  modular, 
fully  integrated  underwriting  and  claims 
processing  system.  This  system's  capabilities 
capture  both  structured  and  unstructured 
data,  and  its  intuitive  graphical  user 
interface  makes  NIAC2000  a  pleasure  to 
use.  Incorporating  all  lines  of  the  Group's 
existing  business,  NIAC2000  also  makes  it 
simple  to  add  other  modules,  such  as  finance 
and  marketing. 

Since  deploying  NIAC2000  in  early  2001, 
NIA  Group  has  greatly  increased  its 
productivity.  The  result?  A  300  percent  rise 
in  insurance  premium  revenues,  but  only  an 
85  percent  increase  in  staff. 

Great  Moment  at  Work: 

"Seeing  the  satisfaction  of  staff.  That's  who 
we,  IT,  work  for." 

Microsoft  Office  System  salutes  those 
who  have  done  great  work  in  the  IT  field. 
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&2003  Lucent  Technologies 


We  make  any  service  provider  network 
more  productive. 


Computing  Sciences  Research, 
Lucent  Bell  Labs 


Product  Management-Revenue 
Recovery,  Lucent  Worldwide  Services 


$$$  MILLIONS 


ECOVERED 


Together,  Lucent  Worldwide  Services  and  Bell  Labs  bring  you  unrivaled  networking  expertise  and  intelligent 
tools  to  help  you  get  more  out  of  your  network.  Our  Revenue  Recovery  service  applies  diagnostic  models  to 
help  you  capture  all  the  revenue  from  customer  use  of  your  voice  and  data  networks.  We  helped  one  service 
provider  recover  $12  million  in  annual  revenue  in  one  central  office  alone — a  solution  with  the  potential  to 
recover  $1.4  billion  across  the  carrier's  entire  network.  See  how  we  can  make  your  network  more  productive, 
more  reliable,  and  more  secure  than  it  is  today  at  www.lucent.com/lws. 


?tworks  that  work  smarter.  Networks  that  work  harder." 


Lucent  Technologies 

Bell  Labs  Innovations 
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INFORMATION 
LIFECYCLE 
MANAGEMENT  IS: 

a  strategy  that  uses 
people,  processes  and 
technology  to  store  and 
tap  critical  business 
data  throughout  its 
lifespan  of  value. 


IN  THIS  EDITION: 

See  how  companies  are 
turning  their  new  regu¬ 
latory  challenges  into 
business  opportunities 
by  leveraging  the  bene¬ 
fits  of  Information 
Lifecycle  Management. 


Information  Lifecycle  Management: 
The  Smart  Way  to  Save  Money 


CERTAINLY,  SMART  COMPANIES 

recognize  that  information  is  the  linch¬ 
pin  of  their  success.  In  most  organiza¬ 
tions,  corporate  information  is  their 
most  valuable  asset,  the  key  ingredient 
with  which  innovative  new  business 
models  are  built. 

“The  ability  to  use  and  leverage 
information  as  a  company  to  drive 
additional  business  is  critical,”  says 
Mark  Lewis,  chief  technology  officer 
at  EMC  in  Hopkinton,  Mass.  “For 
many  companies,  smart  use  of  infor¬ 
mation  has  truly  become  a  differen¬ 
tiator,  particularly  as  technology  pro¬ 
vides  companywide  access.” 

But  if  innovative  information  man¬ 
agement  is  the  ultimate  goal,  then  the 
immovable  object  squarely  in  its  path 


is  the  reality  of  today’s  lean  IT  budgets. 
Technology  is  the  vital  framework  on 
which  companies  rely  to  help  business 
information  flow  freely,  but  many 
worthy  efforts  have  been  hamstrung 
by  the  flat  or  declining  budgets  of  the 
past  several  years. 

Yet  limited  resources  are  no 
excuse  for  limited  action,  says  Chuck 
Hollis,  vice  president  of  platforms 
marketing  at  EMC.  “More  and  more 
companies  are  realizing  that  informa¬ 
tion  is  money,  and  they  have  to  do  a 
better  job  of  managing  their  money,” 
he  says.  “But  all  this  is  happening  as 
IT  budgets  are  flat  and  labor  costs 
are  growing.” 

Spurred  by  boardroom-level  con¬ 
cerns  about  the  escalating  costs  of 
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“Our 

business  was 
able  to  cut 
support 
staffing  by  30 
percent,  yet 
increase  its 
throughput 
by  20 
percent. 
[ILM]  had  a 
significant 
bottom  line 
impact  and  a 
net  delta  of 
somewhere 
around 
10  percent 
in  our 

profitability, 
directly 
attributable 
to  this 
planned 
technology.” 

— Bob  Terdeman, 
Rogers  Medical 
Intelligence 


technology,  IT  executives  have  embarked 
on  a  constant  search  to  make  their  infra¬ 
structure  as  streamlined  and  cost-efficient 
as  possible. 

Many  have  already  implemented  meas¬ 
ures  that  address  cost-cutting  on  a  piece¬ 
meal  basis — server  consolidation  or  out¬ 
sourcing,  for  example — but  also  need 
a  method  of  reducing  infrastructure 
and  information  management  costs 
enterprise-wide.  One  intriguing  answer: 
Information  Lifecycle  Management  (ILM), 
which  offers  an  opportunity  to  streamline 
infrastructure  costs  across  the  board  by 
tying  the  business  value  of  information  to 
the  cost  of  managing  it. 

“If  you  think  of  information  bits  as 
assets,  Information  Lifecycle  Management  is 
the  alignment  between  the  value  of  informa¬ 
tion  and  how  much  a  company  is  spending 
to  make  it  available  to  people,”  says  Hollis. 

Information  Lifecycle  Management  can 
help  streamline  operational  costs.  New 
York’s  Rogers  Medical  Intelligence 
Solutions  has  recognized  significant  cost 
savings  through  Information  Lifecycle 
Management,  according  to  Robert 
Terdeman,  the  company’s  vice  president 
and  chief  information  architect.  “One  of 
the  key  results  is  that  our  business  was  able 
to  cut  support  staffing  by  30  percent  yet 
increase  its  throughput  by  20  percent,” 
says  Terdeman.  “It  had  a  significant  bot¬ 
tom  line  impact  and  a  net  delta  of  some¬ 
where  around  10  percent  in  our  prof¬ 
itability,  directly  attributable  to  this 
planned  technology.” 


TECHNOLOGY  OPERATIONAL 
EFFICIENCY:  BUSINESS  DRIVERS 

Much  has  changed  over  the  past  several 
years  for  companies  that  rely  on  online 
information  for  strategic  value.  Consider: 

Budget  Constraints.  While  CIO  maga¬ 
zine’s  latest  quarterly  Tech  Poll  forecasts  a 
modest  increase  in  IT  budgets  for  2004, 
caution  is  still  the  watchword.  Nearly  one- 
third  of  survey  respondents  say  that  ongo¬ 
ing  financial  constraints  affect  IT  spending, 
while  nearly  60  percent  say  that  spending 


OPERATIONAL  EFFICIENCY: 
BUSINESS  DRIVERS 


•  Budget  Constraints 

•  Explosive  Information  Growth 

•  Manual  Processes 

•  Fragmented  Management  Strategies 

•  Regulatory  Compliance  Issues 


on  computer  hardware  will  remain  flat  or 
decrease. 

Explosive  Information  Growth. 

Companies  are  squirreling  away  unprece¬ 
dented  quantities  of  data  in  many  forms — 
the  structured  information  that  lies  in  data¬ 
bases  as  well  as  the  unstructured,  file-based 
information  that  lies  in  Word  and  Excel 
documents  across  a  network. 

“Information  is  growing  at  a  ridiculous 
rate,”  says  Steve  Kenniston,  a  technology 
analyst  at  Enterprise  Storage  Group,  a 
research  company  based  in  Milford,  Mass. 
“Where  there  used  to  be  one  storage 
administrator  for  one  terabyte  of  data,  now 
they  need  one  administrator  to  manage  six 
terabytes,  and  soon  it’ll  be  one  for  every  14 
terabytes.  For  that  to  happen,  companies 
need  to  make  information  management 
more  efficient.” 

Manual  Processes.  “Categorizing, 
moving  and  disposition  of  data  is  still  a 
very  manual  process  at  most  companies,” 
says  Hollis.  “Tools  are  few  and  frag¬ 
mented,  and  a  far  cry  from  the  automat¬ 
ed  determination  of  policy.”  Worse,  man¬ 
ual  information  management  consumes 
staff  time — and  as  Hollis  points  out, 
“Labor  is  the  most  expensive  component 
of  IT  today.  “ 

Fragmented  Management  Strategies. 

Gaining  a  bird’s-eye  view  of  all  that  infor¬ 
mation  is  no  small  task.  Without  a  compre¬ 
hensive  strategy,  it’s  difficult  for  companies 
to  manage  the  data  that’s  spread  across  an 
entire  enterprise. 

Regulatory  Compliance  Issues.  New 
regulations  and  corporate  governance 
mandates  for  the  storage  and  management 
of  information  mean  that  companies  must 
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be  able  to  retrieve  data  quickly  and  on 
demand.  Faced  with  the  difficult  and  time- 
consuming  task  of  accessing  data  that  may 
well  be  spread  across  a  variety  of 
sources — or  that  may  have  been  deleted — 
it’s  small  wonder  that  companies  can  be 
frightened  into  taking  a  “save  it  all” 
approach. 

These  issues  are  prompting  CIOs  to  rec¬ 
ognize  that  the  real  opportunity  to  drive 
big  costs  out  of  IT  is  to  look  across  the 
entire  lifecycle  of  the  information  and  the 
infrastructures  that  support  it.  In  short, 
Information  Lifecycle  Management. 

As  detailed  in  earlier  parts  of  this 
series,  Information  Lifecycle  Manage¬ 
ment  is  not  a  product  but  rather  a 
method  of  harnessing  informational 
chaos.  “[Itj  is  a  strategy,  and  one  that 
encompasses  people,  processes  and  tech¬ 
nology,”  says  Kenniston.  Done  right, 
ILM  is  proactive  and  dynamic,  and 


helps  companies  plan  IT  growth  to  meet 
their  anticipated  business  needs. 
“[Information  Lifecycle  Management]  is 
the  ability  to  provide  companies  with 
access  to  information — the  right  infor¬ 
mation — and  the  most  up-to-date  and 
logical  version  across  the  enterprise,” 
says  Tanuja  Randery,  vice  president  for 
global  strategic  initiatives  at  EMC.  “If 
companies  want  to  access  and  use  infor¬ 
mation  to  their  business  advantage,  ILM 
enables  this  by  providing  a  unified 
approach  to  viewing  and  access  while 
ensuring  that  the  cost  and  performance 
of  the  infrastructure  is  optimized.” 


LINKING  INFORMATION  LIFECYCLE 
MANAGEMENT  AND  OPERATIONAL 
EFFICIENCY 

Implementing  Information  Lifecycle 
Management  can  help  companies  manage 
information  both  more  wisely  and  less 
expensively.  By  building  an  information 
management  strategy  based  on  this  disci¬ 
pline,  companies  can  build  cost  savings  into 
their  infrastructure  in  a  holistic  fashion. 
Information  Lifecycle  Management  Helps: 

•  Improve  Classification.  Many  compa¬ 
nies  don’t  even  know  what  they  have  for 
equipment.  Information  Lifecycle 
Management,  which  starts  with  a  thor¬ 
ough  inventory  of  physical  and  informa¬ 
tional  assets,  ensures  that  companies 
know  exactly  what  they  have,  which 
helps  them  make  better-informed  spend¬ 
ing  decisions.  By  conducting  a  data  clas¬ 
sification  and  prioritization  study,  com¬ 
panies  can  ensure  that  data  is  placed  on 
the  level  of  storage  most  appropriate  to 
its  business  value.  Many  times,  that 
means  calling  in  outside  experts. 
“Information  Lifecycle  Management 
consultants  are  part  of  the  storage  com¬ 
panies’  bench  teams,”  says  Pete  Gerr,  an 
analyst  at  Enterprise  Storage  Group. 
“They  have  the  services  and  tools  that 
will  help  an  organization  classify  and 
value  their  data,  taking  a  step  toward 
having  a  fully  realized  strategy.” 

•  Leverage  Existing  Assets.  Once  compa¬ 
nies  know  exactly  what’s  there,  they  can 
better  prioritize  information  assets  in 
accordance  with  information  manage¬ 
ment  policies.  “If  you  know  up  front 
what  you  have  and  how  much  data  is 
being  created,  you’ll  do  better  capacity 
planning,”  says  Kenniston. 

•  Enable  Policy  Automation.  The  ability 
to  simplify  and  automate  technical 
infrastructure  through  Inform¬ 
ation  Lifecycle  Management  means 
that  companies  can  lower  business 
costs  and  hire  fewer  people.  “You  get 
efficiencies  by  automating  the  things  that 
people  have  to  do  today,”  Hollis  explains. 
By  creating  and  then  automating  policies 


INFORMATION  LIFECYCLE 
MANAGEMENT  ENABLES 
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•  Improve  Classification 

•  Leverage  Existing  Assets 

•  Enable  Policy  Automation 

•  Tier  Storage 

•  Decrease  Compliance  Costs 

•  Stretch  IT  Resources 


“Information 
is  growing  at 
a  ridiculous 
rate.  Where 
there  used  to 
be  one 
storage 
administrator 
for  one 
terabyte  of 
data,  now 
they  need 
one 

administrator 
to  manage 
six  terabytes, 
and  soon  it’ll 
be  one  for 
every  14 
terabytes. 
For  that  to 
happen, 
companies 
need  to 
make 

information 

management 

more 

efficient.” 

— Steve  Kenniston, 
Enterprise 
Storage  Group 
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IMPACT  OF  ILM  AND  TCO  SAVINGS  ACROSS  STAGES 


Three-Year  TCO  Estimate  for  Typical  Large  Enterprise*  (Indexed  to  100) 
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Step  3 


Incremental  TCO  Reduction  10-17%  23-26%  17-20% 


Drivers  of  Reduction 
with  step  implementation 

‘Enterprise  has  750  TB  of 
baseline  total  storage;  TCO 
calculation  includes  busi¬ 
ness  costs  (i.e.,  data  loss, 
compliance,  downtime,  and 
data  search  time) 


•  Networked  •  Application-specific 

storage  service  level  align- 

•  Storage  ment  (based  on 

automation  business  policies) 

•  Storage  •  Improved  continuity 

consolidation  and  compliance 


•  Automated 
management 
and  control 

•  Service  levels 
aligned  across 
enterprise  data 


SOURCE:  EMC 


QUESTIONS  ABOUT 
INFORMATION 
LIFECYCLE 
MANAGEMENT? 

If  you’ve  got  any  burning 

questions  about 

Information  Lifecycle 

Management — and  how 

you  can  begin 

implementing  such  a 

strategy — send  them  to 

ilm_questions@emc.com. 

We’ll  answer  the  most 

frequently  asked 

questions  later  in 

this  series. 


to  drive  information  management,  com¬ 
panies  can  streamline  operations  and  cut 
costs.  “The  principal  savings  is  around 
the  dynamic  movement  of  data,”  says 
EMC’s  Lewis.  “The  value  of  data  changes 
over  time,  and  ILM  helps  flexibly  move 
data  to  the  appropriate  level  of  storage  as 
its  business  value  changes.” 

•  Tier  Storage.  Classifying  data  enables  IS 
executives  to  create  tiered  storage  that 
matches  the  business  value  of  the  data 
with  the  corresponding  price/perform¬ 
ance  layer  of  storage.  For  example,  mis¬ 
sion-critical  applications  might  reside  on 
high-performance  disks,  while  important 
but  less  critical  data  land  on  less  costly 
ATA  disks.  “Having  high-end,  mid-tier 
and  archive  storage  makes  a  lot  of  sense 
financially  and  from  a  recoverability 
standpoint,”  says  Kenniston.  “By  migrat¬ 
ing  the  lower  class  of  information  to  a 
second  tier  of  storage,  companies  save 
money  but  also  keep  it  available  and  pro¬ 
tect  it  more  easily.”  As  the  range  of 
options  in  tiered  storage  increases,  so  do 
the  effective  business  continuity  options 
for  the  corporate  world. 

•  Decrease  Compliance  Costs.  Information 
Lifecycle  Management  handles  data 
according  to  its  business  value  at  a  very 
granular  level,  so  CIOs  know  what  data 
should  be  kept  and  what  can  be  deleted, 


thus  saving  money.  It  also  makes  compli¬ 
ance  much  simpler,  so  companies  are  less 
likely  to  incur  compliance-related  expens¬ 
es  such  as  legal  fees  or  staffing  costs. 

•  Stretch  IT  Resources.  Automating  infor¬ 
mation  management  in  accordance  with 
data  policies  means  that  CIOs  will  be  able 
to  redeploy  existing  staffers  to  other  proj¬ 
ects,  making  their  resources  go  further  for 
the  same  money.  “If  companies  can  auto¬ 
mate  the  process  and  take  the  human 
aspect  out  of  it,  it  saves  them  money,” 
says  Kenniston.  “Once  CIOs  are  con¬ 
vinced  that  storage  can  be  automatically 
moved  to  the  right  asset  when  they  want 
to  move  it,  automation  is  the  next  step.” 

In  an  era  of  increasing  concern  over  the 
cost  of  technology,  CIOs  see  the  wisdom  of 
embracing  budget  reduction  strategies  that 
add  value  as  well  as  cut  costs.  One  impor¬ 
tant  step  is  to  implement  a  strategy  that 
works  across  the  entire  company  to  man¬ 
age  information  holistically. 

“By  implementing  Information  Lifecycle 
Management,  we  believe  that  CIOs  can 
expect  to  see  a  net  of  up  to  50  percent  actu¬ 
al  cost  savings  in  overall  storage  costs,” 
says  EMC’s  Lewis.  Companies  can  make 
sure  that  they  drive  all  possible  extra  costs 
out  of  managing  and  storing  information — 
and  at  the  same  time,  truly  give  business 
leaders  what  they  need  to  thrive. 

“If  you  recognize  that  information  is  a 
core  company  asset  similar  to  physical 
plant  and  human  resources,  then  you 
really  understand  the  value  of  an  inte¬ 
grated  storage  solution,”  says  Terdeman. 
“Because  what  you’re  really  storing  are 
critical  company  assets  in  a  managed  and 
efficient  way.” 


NEXT:  In  the  next  part  of  this  series, 
we'll  look  at  Information  Lifecycle 
Management  for  small  to  medium-sized 
enterprises  (SMEs). 

J7  FOR  MORE  INFORMATION 

where  information  lives  Visit  WWW.emC.COm/ilm 

for  an  in-depth  look  at  Information  Lifecycle 
Management  products,  services  and  strategies. 
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Dunn  discusses  comeback  of  Nortel 


After  free  falling  for  three  years, 
Nortel  has  stabilized ,  and  landed 
some  big  deals,  including  a  VoIP 
coup  with  Verizon.  CEO  Frank  Dunn 
recently  discussed  the  state  of  his 
company  and  the  industry  with 
Network  World  Editor-in-Chief  John 
Dix,  Managing  Editor  of  The  Edge 
Jim  Duffy  and  Senior  Editor  Phil 
Hochmuth. 


What's  the  business  climate  look  like  in  terms  of  capital  spend¬ 
ing? 

Our  assessment  is  the  [capital  expense]  spending  pro¬ 
file  in  2004  vs.  2003  will  be  up  in  the  low  single  digits. 
Within  that,  enterprise  [spending]  will  be  a  little  more 
robust  than  service  provider. There  will  be  huge  growth 
in  certain  segments,  and  quite  a  contraction  in  other 
sections.You’re  going  to  see  a  big  growth  in  spending 


on  3G  wireless,  and  you’re  going  to  see  the  market 
shrink  for  GSM. 

In  the  enterprise,  people  are  going  to  spend  on  conver¬ 
gence,  spend  to  drive  costs  out  of  the  network,  and  spend 
on  things  like  business  continuity,  storage-area  network¬ 
ing,  and  driving  capability  back  into  the  network. 

What  about  in  terms  of  wireless  vs.  wireline  spending? 

When  you  look  at  the  carrier  businesses  it’s  been  on 
the  wireless  side.  And  there  is  going  to  be  a  continued 
migration  and  a  demand  for  mobility.  No  one  wants  to 
be  tethered  to  a  phone.  But  you  [also]  will  see  spend¬ 
ing  in  wireline,  because  they  have  to  adjust  to  a  data 
services  business  model,  and  to  do  that  you’re  going  to 
have  to  transform  the  network;  not  a  rip  and  replace,  but 
a  transformation  of  the  network. They  need  to  be  able  to 
offer  multimedia  services,  and  to  do  that  you  have  to 
spend  a  bit  of  money  Verizon,  Bell  Canada,  MCI  and 
Sprint  —  they’re  all  moving  in  that  direction. 

See  Dunn,  page  26 


MCI  offers  DoS  safety  net 

Carrier  guarantees  response  to  reported  attacks  with  SLA, 


■Short 

Takes 

■  Last  year  proved  productive  for 
DSL  service  providers  as  2.7  mil 

lion  new  users  signed  up  for  the 
broadband  service  —  up  almost  30% 
over  2002  —  according  to  a  new 
report  by  the  DSL  Forum.  The  report, 
which  was  put  together  by  consulting 
firm  Point  Topic,  says  there  were  9.1 
million  DSL  subscribers  in  the  U.S.  at 
the  end  of  2003.  The  U.S.  has  the  third 
largest  number  of  subscribers  after 
China  with  10.9  million  and  Japan  with 
10.3  million.  The  total  number  of  DSL 
subscribers  around  the  world  totals 
53.6  million. The  DSL  Forum  predicts 
that  number  to  jump  to  200  million  by 
year-end  2005. 

■  AT&T  last  week  signed  a  deal  with 
New  York  Community  Bank  worth 
$8.6  million.  AT &T  is  deploying 
Internet  access,  data  and  voice  ser¬ 
vices  to  all  139-bank  branches 
throughout  New  York  state.  AT&T  also 
is  providing  local  voice  service  to  50 
bank  branches.  New  York  Community 
Bank  is  consolidating  its  communica¬ 
tions  services  onto  one  contract, 

AT &T  says.  The  service  provider  also 
says  that  the  financial  institution  will 
save  $2  million  over  the  next  four 
years. 

■  Users  in  Indiana,  Kentucky  and 
Ohio  will  have  a  new  broadband 
option  this  month  in  the  first  large- 
scale  rollout  of  broadband  over  power¬ 
line  service.  Current 
Communications,  a  BPL  vendor, 
announced  last  week  it  is  teaming 
with  Cinergy  Broadband  to  roll  out 
BPL  service  in  Cinergy's  coverage 
area  by  March  15.  Current  has  been 
conducting  small-scale  trials  of  BPL 
in  Cincinnati  and  Potomac,  Md.,  for 
more  than  a  year.  The  rollout  follows 
an  action  by  the  FCC  last  month  to 
move  forward  with  a  process  to  mea¬ 
sure  interference  caused  by  BPL  ser¬ 
vice.  The  move  drew  criticism  from 
groups  such  as  the  American  Radio 
Relay  League,  which  contends  that 
BPL  interferes  with  ham  radio  signals. 
The  service  will  cost  $30  to  $40  per 
month  depending  on  the  bandwidth 
speed. 


■  BY  DENISE  PAPPALARDO 

MCI  last  week  announced  its  first  ser¬ 
vice-level  agreement  that  covers  response 
time  for  denial-of-service  attacks  directed 
at  its  customers. 

The  carrier  guarantees  its  security  team 
will  respond  to  DoS  attacks  directed  at 
any  of  its  IP  customers  within  15  minutes 
of  when  a  user  calls  MCI  and  the  carrier 
issues  a  trouble  ticket. 

The  guarantee  covers  “how  quickly  we 
get  our  experienced  security  team  en¬ 
gaged  with  the  customer  working  toward 
stopping  the  attack  and  mitigate  [the 
attack’s]  impact  on  their  business,”  says 
Bob  Blakely,  senior  product  manager  for 
security  services  at  MCI. 

If  MCIs  security  team  does  not  respond 
within  15  minutes,  the  customer  is  issued 
a  one-day  service  credit.That  translates  to 
a  $20  credit  for  a  customer  that  pays  $600 
per  month  for  a  dedicated  T-l  line  that 
supports  its  Internet  access  traffic.There  is 
also  a  maximum  of  one  credit  per  day. 

The  guarantee  is  available  immediately 
at  no  additional  charge  to  all  MCI  IP  cus¬ 


tomers,  including  its  dedicated  Internet 
access,  IP  VPN,  Internet  Colocation  and 
Web  hosting  service  users. 

Although  MCI  is  promising  it  will 
respond  within  15  minutes,  the  carrier 
says  it’s  typically  much  quicker  than  that. 
MCI  responds  to  all  DoS  attacks  “in  about 
5  minutes  and  much  of  the  time  much 
faster” says  Chris  Murrow,  network  security 
engineer  at  the  carrier. 

Within  those  first  minutes  MCI’s  security 
team  typically  “blackholes”  the  DoS  attack 
traffic.  In  other  words,  it  redirects  the  traf¬ 
fic  away  from  the  user’s  site. Then  MCI  acti¬ 
vates  another  set  of  tools  that  lets  the  car¬ 
rier  essentially  find  out  where  the  rogue 
traffic  is  coming  from  and  thwart  the 
attack. 

MCI  has  used  the  same  practices  and 
security  tools  for  several  months,  Blakely 
says.  What’s  new  is  that  the  carrier  now  is 
trying  to  offer  customers  peace  of  mind 
that  any  DoS  attack  will  be  dealt  with 
swiftly 

The  SLA  specifically  covers  DoS  attacks 
that  customers  bring  to  the  carrier’s  atten¬ 
tion.  MCI,  like  its  main  competitors  AT&T 


and  Sprint,  does  not  offer  a  proactive  DoS 
service  to  customers,  although  all  are 
promising  to  develop  them. 

Proactive  DoS  tools  automatically  notify 
the  carrier  that  there  has  been  a  drastic 
change  in  traffic  heading  toward  a  specif¬ 
ic  customer,  which  is  a  telltale  sign  of  an 
attack.  Carriers  would  not  have  to  depend 
on  customer  notification.  Proactive  tools 
pattern  changes  coming  from  servers  on 
their  network  that  could  be  acting  as 
zombies  that  blindly  send  out  massive 
amounts  of  traffic  to  specific  Web  sites 
that  are  under  attack. 

AH  three  interexchange  carriers  say  they 
will  have  proactive  tools  available  to  cus¬ 
tomers  by  year-end,  but  none  would  pro¬ 
vide  detailed  information. 

MCI  is  the  only  carrier  offering  cus¬ 
tomers  an  SLA  that  covers  DoS  response 
time,  although  the  guarantee  could  offer 
more  bite.  The  clock  starts  when  a  user 
calls  MCI  and  the  carrier  issues  a  trouble 
ticket.The  SLA  would  be  more  compelling 
if  it  wasn’t  dependent  on  user  notification 
and  if  there  was  a  stronger ,  redit  behind 
non-compliance  on  MCl’s  part.B 
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Some  see  AT&T  as  the  poster  child  for 
the  decline  of  the  telecom  industry 
From  a  high  of  about  $1 10  in  2000, the 
company’s  stock  fell  to  less  than  $14  in 
April  2003.  Its  failed  attempt  to  expand  into 
the  cable  market  earned  a  place  in  busi¬ 
ness  books  as  a  case  study  in  poor  strategy 
Its  slow  dismantling  of  business  units,  cul¬ 
minating  in  the  recent  sell-off  of  AT&T 
Wireless  to  Cingular,  appears  a  death- 
march  to  oblivion. 

Additionally,  customers  continue  com¬ 
plaining  about  slow  provisioning  times, 
poor  billing  solutions  and  indifferent  ser¬ 
vice.  In  a  recent  Nemertes  Research 
benchmark  of  service  providers,  AT&T 


AT&T:  Not  your  mother’s  Ma  Bell 


consistently  scored  lower  than  competi¬ 
tors  MCI  and  Sprint. 

So  what’s  up?  Can  AT&T  survive? 

The  answer  might  surprise  you:  Abso¬ 
lutely  Under  the  radar  screen,  the  compa¬ 
ny  has  managed  to  re-invent  itself  as  a 
lean,  mean  fighting  machine  that  clearly 
understands  its  mission  as  a  service 
provider  in  the  post-bubble  economy. 
Behind  the  scenes,  AT&T  has  been  quietly 
streamlining  processes,  massively  upgrad¬ 
ing  technology  and  paying  down  debt  to 
ensure  it  will  succeed  in  the  long  haul. 
Yes,  it  faces  a  long  uphill  battle  to  prove 
itself  once  more  to  skeptical  customers. 
But  from  all  evidence,  it’s  prepared  to  take 
on  the  task. 

Think  I’m  nuts?  Some  background: 

•  AT&T  has  some  of  the  tightest  opera¬ 
tional  performance  numbers  in  the  indus¬ 
try.  Revenue  per  employee  —  a  critical 
measure  of  a  company’s  operational  effec¬ 
tiveness  —  is  between  $500,000  and 


$600,000,  which  positions  AT&T  well  ahead 
of  every  one  of  its  traditional  competitors, 
and  more  than  30%  better  than  the  next  in 
line,  MCI.  How  did  the  company  do  it?  See 
the  last  item  on  world-class  technology 

•  Surprisingly  AT&T  has  a  lower  debt-to- 
earnings  ratio  than  fresh-out-of-bankruptcy 
MCI.  Over  the  past  few  years,  AT&T  has  qui¬ 
etly  reduced  its  debt  from  nearly  $60  bil¬ 
lion  in  2000  to  a  mere  $8.8  billion  in  2003 
—  bringing  its  debt-to-earnings  ratio  well 
below  that  of  MCl’s,  and  well  ahead  of  the 
rest  of  the  industry’s. 

•  The  AT&T  Wireless  sale  is  far  from 
being  a  road  post  on  the  death  march  to 
oblivion.  The  move  actually  ranks  as  one 
of  the  most  strategically  brilliant  deals  in 
telecom  history  In  one  fell  swoop,  AT&T 
divests  itself  of  an  aging  network  with 
creaky  technology,  reclaims  its  damaged 
brand,  fattens  up  its  cash  reserves,  and 
ensures  that  its  two  most  threatening  rivals 
no  longer  have  the  resources  to  launch 
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takeover  bids.  (A  little-noted  facet  of  the 
deal  is  that  it  virtually  exhausts  the  cash 
reserves  of  BellSouth  and  SBC,  which  joint¬ 
ly  own  Cingular.) 

Through  it  all,  AT&T  has  intelligently 
invested  in  world-class  technology.  It’s  qui¬ 
etly  decommissioning  4ESS  switches  and 
turning  up  IP  telephony  services.  Internally, 
the  company’s  investment  in  Web  services 
technology  has  enabled  improved  produc¬ 
tivity  with  reduced  overall  costs. 

This  all  means  that  AT&T  has  fundamen¬ 
tally  restructured  itself  to  be  more  respon¬ 
sive,  more  technically  agile,  and  more  effi¬ 
cient  than  it’s  ever  been  before.  It  will  take 
time  for  these  changes  to  filter  out  to  the 
customer  experience.  But  keep  watching, 
you  might  be  surprised. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


IfcWhen  you  look  at  the  carrier  businesses 
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demand  for  mobility.  No  one  wants  to  be 
tethered  to  a  phone.  1 9 
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continued  from  page  25 

Speaking  of  Verizon,  how  is  the  carrier  han¬ 
dling  the  evolution  to  a  full,  Softswitch  architec¬ 
ture?  Do  they  have  a  timeiine  in  place? 

Our  solution  in  the  enterprise  space  and 
the  carrier  space  is  you  go  at  your  own 
pace.  So  that’s  why  there  is  no  big  bang. 
You  don’t  kind  of  build  a  packet  network. 
You  start  implementing. Verizon  has  a  dif¬ 
ferent  timing  strategy  than  Sprint  and  MCI, 
than  Hong  Kong  Broadband,  and  China 
NetCom.  We  work  with  each  of  them. The 
pace  will  be  predicated  on  the  success. 

What’s  holding  optical  back?  Why  is  the  market 
not  growing  any  faster  than  it  is? 

What’s  holding  it  back  is  the  access.  As 
people  are  connecting  to  DSL  they’re  start¬ 
ing  to  use  the  Internet  more  often,  they’re 
starting  to  drive  traffic.  When  you  start  get¬ 
ting  wireless  data,  when  everybody  is 
sending  pictures  and  videos  around,  it’s 
going  to  chew  up  bandwidth. 

Secondly,  in  the  backhaul  network  there 
was  so  much  bandwidth  put  in.We  have 
enough  for  a  while.  So  we  just  have  to  wait 
out  this  lull,  and  I  expect  it  to  start  to  turn 
around:  Maybe  not  in  the  next  six  months, 
but  it’s  coming. 

Is  the  convergence  push  that  you're  seeing  with 
the  carriers  going  to  drive  convergence  in  the 
enterprise? 

No. The  strategy  will  be  that  we  offer  a 
[Multimedia  Communications  Server] 
product  to  an  enterprise. So  if  you  happen 
to  have  a  PBX,we  could  put  this  multime¬ 
dia  communication  service  capability  on 
;  o  of  that,  and  call  it  5100.  If  we  go  to 
>200,  the  carrier  will  offer  it  as  a  hosted 
•\  ice  The  service  set  could  be  exactly 
•he  same. 

ice  edge  is  a  red-hot  market  now. 

-  i  -l  yyu  doing  to  address  this  market? 


We’re  integrating  [Multi-protocol  Label 
Switching]  onto  our  ATM  [platform]. That 
same  platform  will  be  able  to  be  migrated 
to  MPLS. Then  you’re  saying, ‘But  Frank, 
how  are  you  going  to  take  the  multiple 
boxes  at  the  edge  and  simplify  it,  right?’ 
The  answer  I’d  give  you  is  that  it  is  a  very 
high  priority  [at]  Nortel. 

What  we  did  on  (the  Optical  Multi¬ 
service  Edge  product)  we  collapsed  three 
or  four  boxes  into  one,  on  a  very  scalable, 
flexible,  capable  product.  So  then  you  go 
into  Layer  3  and  Layer  7,  and  there  are 
multiple  boxes  and  we  have  to  do  what 
we  did  with  OME  at  the  Layer  2  and  Layers 
3  to  7.  So  we  understand  it,  and  that’s 
something  that  we’re  focused  on. 

Regarding  the  broadband  access  partnerships 
you  announced  recently:  Is  that  your  strategy 
to  address  that  market  or  do  you  plan  to  re¬ 
engage  yourself  internally  in  broadband 
access? 


■  BY  GRANT  GROSS 

WASHINGTON,  D.C.  —  An  appeals  court 
has  thrown  out  a  large  chunk  of  the  FCC 
rules  governing  what  parts  of  their  networks 
the  incumbent  local  exchange  carriers 
must  share  with  competitors. 

In  a  ruling  released  last  week,  the  U.S. 
Court  of  Appeals  for  the  District  of 
Columbia  Circuit  overturned  much  of  the 
so-called  Triennial  Review  Order  that  the 
FCC  approved  in  February  2003  and 
released  in  final  form  in  August.  The  deci¬ 
sion  directs  the  FCC  to  rewrite  the  rules  for 
how  ILECs  must  share  parts  of  their  net¬ 
works  with  competitors  such  as  AT&T  and 
Sprint,  collectively  called  competitive  local 
exchange  carriers  (CLEC). 

The  decision  is  a  setback  for  the  CLECs 


We  need  to  be  able  to  deliver  capability 
without  owning  everything.  Is  it  important 
to  offer  that  capability  now?  Yes,  we  need 
to  find  a  partner. The  biggest  issue  is  where 
are  these  inflection  points?  We’ve  got  to  hit 
those  inflection  points.  But  to  say  let’s  sit 
out  of  the  market  for  two  years  and  then 
hit  the  inflection  point,  our  view  is  you  lose 


and  state  public  utilities  commissions, 
which  had  power  under  the  FCC  plan  to  set 
some  of  the  network-sharing  rules.  The 
ILECs,  which  had  joined  the  U.S.  Telecom 
Association  (USTA)  in  the  lawsuit,  expect  to 
benefit  from  the  court’s  decision.  In¬ 
cumbent  carriers  had  criticized  the  FCC’s 
decision  to  leave  some  rulemaking  up  to 
the  states, arguing  that  forcing  them  to  com¬ 
ply  with  50  separate  sets  of  rules  would 
cause  uncertainty  in  the  industry. 

The  appeals  court  decision,  the  third 
court  ruling  overturning  FCC  telecom  rules 
since  1996,  doesn’t  affect  the  FCC’s  decision 
to  let  the  four  ILECs  stop  sharing  most  of 
their  broadband  networks,  including  DSL 
infrastructure  and  new  fiber  rollouts,  with 
competitors.  But  the  ruling  overturned  the 
FCC’s  decision  on  sharing  switching  facili- 


a  lot  by  not  being  in  the  market,  not  learn¬ 
ing  from  your  customers,  not  learning  the 
challenges.  So  we’ll  be  in  the  markets,  that’s 
part  of  that  game,  but  the  longer  game  is 
we’re  going  to  simplify  all  of  this  stuff.  And 
as  everything  collapses  into  simpler,  more 
integrated  platforms  and  so  on,  we’re  going 
to  be  a  player  in  that.  ■ 


back  to  FCC 

ties  and  some  high-capacity  DS-1  and  DS-3 
network  loops.The  court  ruled  that  the  FCC 
did  not  comply  with  the  1996 
Telecommunications  Act  when  it  left  some 
decisions  affecting  the  sharing  of  unbun¬ 
dled  network  elements  to  states  instead  of 
providing  federal  guidelines. 

The  USTA  and  the  incumbent  carriers 
cheered  the  court  decision.  “The  court 
action  is  a  victory  for  consumers  and 
should  help  this  industry  move  forward  in 
developing  healthy,  sustainable  and  eco¬ 
nomically  rational  competition  that  will 
extend  telecommunications  innovations 
farther  and  faster  in  the  marketplace,”  said 
William  Daley,  president  of  SBC. 

Gross  is  a  correspondent  with  the  IDG 
News  Service's  Washington,  D.C.,  bureau. 
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NetScreen,  the  company  protecting  many  of  the  world’s  largest 

enterprises,  now  has  security  built  to  fit  medium  enterprises 


Our  complete,  single  vendor  solutions  provide  network 


security  that’s  easily  managed.  Reduces  costs.  And  most 


importantly,  gives  your  network  the  iron-clad 
protection  it  needs  from  today’s  frequent  and 


complex  attacks.  Our  unequaled  solutions 


for  large  financial,  government  and 
manufacturing  networks  have  made 


Jr  us  the  world’s  fastest  growing  major 
network  security  company  over  the  last  two  years 


Now  there’s  no  better  fit  for  your  business 


Visit  www.netscreen.com/company/ad/iron-clad 


or  call  800-638-8296  to  learn  more 
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The  power  to  control  pretty  much  everything. 

A  constantly  changing  business  needs  IT  that  changes 
with  it  HP  OpenView  management  software,  used  by  every 
Fortune  100  company,  lets  you  see,  control  and  automate 
a  mixed  IT  environment  from  any  location.  The  result? 

Your  IT  stays  in  sync  with  the  demands  of  your  business, 
and  suddenly  change  doesn’t  seem  like  such  a  scary  thing, 
www. hp.com/info/openview 
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Porting  wireless  numbers  could  pay  dividends 


a  BY  DENISE  PAPPALARDO 

If  you’re  interested  in  significantly  reducing  your  com¬ 
pany’s  wireless  service  expenses,  it  might  be  time  to  go 
shopping  with  your  wireless  phone  numbers. 

St.  Joseph  Regional  Medical  Center  in  Patterson,  N.J., 
says  it  cut  its  monthly  wireless  service  bill  in  half  by 
porting  all  its  phone  numbers  from  AT&T  Wireless  to 
Cingular  Wireless. 

“We  were  with  AT&T  Wireless  for  over  five  years,”  says 
Kate  Wray,  systems  coordinator  at  the  medical  facility 
“We  saw  an  opportunity  to  look  for  better  cost  savings, 
and  Cingular  gave  us  the  best  deal.” 

Wireless  number  portability  is  the  reason  for  the  sav- 
ings.The  government  mandated  that  wireless  service 
providers  let  customers  port  their  phone  numbers  to 
other  carriers  in  the  top  100  cities  in  the  U.S.as  of  Nov. 
24. The  carriers  are  required  to  support  porting  in  the 
rest  of  the  country  by  May 

It  was  imperative  that  Wray’s  40  users  kept  their  current 
phone  numbers,  which  made  shopping  around  for  a 
better  price  impossible  in  the  past,  she  says.  It  was  espe¬ 
cially  important  for  St.  Joseph’s  social  workers  and  those 
who  work  with  its  community  outreach  programs  to 
keep  the  same  numbers  so  patients  and  clients  could 
stay  in  touch. 

So  when  wireless  number  portability  went  into  effect, 
Wray  didn’t  waste  time.  She  filed  her  porting  request  in 
the  first  week  of  December.  She  shopped  around  with 
several  carriers  and  chose  Cingular  because  of  the  total 
cost  of  the  deal.  When  porting  to  a  new  carrier,  cus¬ 
tomers  almost  always  need  to  buy  new  handsets  that 
are  compatible  with  the  new  carrier’s  network.  Cingular 
bundled  free  phones  with  lower  service  rates  and  won 
St.  Joseph’s  contract. 

Despite  predictions  of  wholesale 
defections,  droves  of  customers 
have  not  been  knocking  down  the 
doors  of  wireless  service  providers 
to  take  advantage  of  portability. 

Customer  churn  numbers  were  not 
up  substantially  in  the  fourth  quar¬ 
ter  (see  graphic).  But  carriers  that 
had  customer  service  issues,  espe¬ 
cially  AT&T  Wireless,  did  lose  a  sig¬ 
nificant  percentage  of  customers 
last  quarter. 

“For  the  most  part,  Nextel,  Sprint 
[PCS]  and  Verizon  [Wireless]  do  a 
very  solid  job,”  says  Randy  De 
Lorenzo,  vice  president  and  general 
manager  of  wireless  services  at 
Telewares,  a  consulting  firm  that 
negotiates  telecom  contracts  for 
large  companies.“Most  of  the  carri¬ 
ers  now  have  dedicated  project 
managers  who  work  with  users  on 
t  cutovers. These  porting  requests 
have  to  be  taken  as  seriously  from  a 
project-planning  sense  as  a  full 
iandline  cutover/ 

Now  that  carriers  have  had  a 
chance  to  work  out  system  glitches, 


more  businesses  are  examining  their  options. 

“We  are  seeing  nearly  every  enterprise  leverage  [wire¬ 
less  number  portability]  in  contract  negotiations,”  De 
Lorenzo  says.  Where  the  majority  of  users  were  looking 
at  porting  some  of  their  business  to  new  carriers,  some 
are  becoming  more  aggressive.“We’re  seeing  our  first 
10,000-phone  cutover  go  live,”  he  says. 

The  competition  wireless  portability  has  created  is 
new  to  carriers,  De  Lorenzo  says.  Even  customers  that 
are  happy  with  their  current  service  providers  should 
shop  around  and  maybe  even  move  some  of  their 
phone  numbers  to  another  carrier  as  a  bargaining  tool, 
experts  agree. 

“In  almost  all  cases,  carriers  are  absolutely  trying  to 
keep  users,”  he  says.“We  had  three  engagements  in  the 
last  four  months  where  carrier  CEOs  got  involved  in  the 
deal  to  try  to  keep  the  customer.  It’s  very  competitive.” 

Watch  ‘hidden  costs' 

While  all  users  might  not  cut  their  wireless  service 
expenses  in  half,  as  St.  Joseph’s  did,  Gartner  estimates 
that  a  company  with  1,000  wireless  users  could  reduce 
its  annual  service  costs  by  more  than  $200,000.  But 
Gartner  also  points  to  “hidden”  costs  that  users  might  not 
initially  think  about. 

St.  Joseph’s  opted  for  Cingular’s  free  phones  for  its 
users,  but  this  option  might  not  fit  the  bill  for  all  compa¬ 
nies.  Some  require  phones  with  features  such  as  voice 
dialing,  push-to-talk  or  text-messaging  support.These  are 
typically  features  that  are  not  included  in  free  phones 
that  carriers  offer  new  customers. 

Gartner  estimates  that  a  company  with  1,000  users 
could  pay  as  much  as  $235,000  for  new  phones  and 
another  $15,000  to  train  employees  on  how  to  use  the 
new  service  and  their  phones 
most  effectively 

While  De  Lorenzo  says  he  thinks 
Gartner’s  estimates  are  on  the 
high  side,  the  fact  is  that  phones 
that  support  push-to-talk,  for 
instance,  can  cost  $200  each.  But 
he  recommends  users  focus  on 
the  overall  deal  and  not  individ¬ 
ual  handset  costs.“A  well-negotiat¬ 
ed  agreement  looks  at  the  total 
cost,”  he  says. 

For  example,  customers  should 
lay  out  exactly  what  they  need  in 
terms  of  handset  features  and 
geographic  reach.  Experts  say  that 
ensuring  your  new  carrier  has 
solid  service  in  all  the  markets 
that  your  users  frequent  is  just  as 
important  as  price.  A  lower 
monthly  bill  will  not  make  a  dif¬ 
ference  if  users  regularly  lose 
calls  or  can’t  get  service. 

Nothing  is  mature  after  three 
months,  and  wireless  number 
portability  is  no  different. The  sys¬ 
tem  is  not  without  problems. 

From  the  time  St.  Joseph  put  in 
its  porting  request  to  AT&T 


Sizing  up  the  carriers 

While  Verizon  Wireless  had  the 
most  customers  at  year-end  2003, 
the  pending  merger  of  AT&T 
Wireless  and  Cingular  should 
result  in  the  biggest  customer 
base  this  year. 
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I  AT&T  Wireless  ■  Cingular  Wireless 
I  Sprint  PCS  Verizon  Wireless 
I  Nextel  Communications  ■  T-Mobile 


As  the  wireless  world  chums 

AT&T  Wireless,  which  acknowledged  having 
problems  implementing  wireless  number 
portability  in  the  fourth  quarter,  suffered  the 
highest  customer  churn  rate  among  leading 


I  Percentage  of  customers  lost  in  the  fourth  quarter 
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NOTE:  Churn  rate  was  not  available  forT-Mobile. 


■  AT&T  Wireless  ■  Cingular  Wireless  IS  Sprint  PCS 
Verizon  Wireless  ■  Nextel  Communications 


Wireless,  it  took  two  and  a  half  weeks  for  the  carrier  to 
release  its  numbers,  Wray  says.“Once  the  numbers  were 
released,  95%  of  them  went  over  to  Cingular  in  one  after¬ 
noon/she  says. 

The  remaining  phones  trickled  in  through  the  rest  of 
the  week,  she  says.  Not  knowing  when  the  numbers 
would  cut  over  was  difficult  from  a  handset  manage¬ 
ment  perspective.  She  is  still  waiting  for  AT&T  to  explain 
why  it  took  so  long  to  release  the  numbers. 

“It  would  have  been  nice  to  have  been  notified  that 
the  cutover  was  happening  so  we  could  notify  our 
users,”Wray  says.’That  could  have  gone  better.” 

Other  than  the  wait  and  lack  of  clarity  on  when  the 
cutover  would  happen,  Wray  says  overall  her  porting 
experience  was  positive  —  especially  when  she  consid¬ 
ers  the  company’s  cost  savings. 

To  ensure  a  smooth  transition,  some  analysts  recom¬ 
mend  users  stipulate  certain  guarantees  in  the  service- 
level  agreement  (SLA)  of  their  new  contract  that  covers 
porting.  Gartner  says  the  SLAs  should  cover  how  long 
the  porting  process  should  take,  how  accurate  the  port¬ 
ing  will  be  and  penalties  if  the  carrier  does  not  meet  the 
guarantees. 

Gartner  says  users  should  demand  daily  progress 
reports  from  both  carriers  to  make  sure  each  upholds  its 
end  of  the  bargain  ■ 


More  online! 

Check  out  the  latest  on-demand  Webcasts 
covering  security,  remote  access,  data  centers 
and  more!  All  Webcasts  offer  fully  searchable, 
clickable  agendas  from  your  desktop. 

DocFinder:  9933 
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■  AN  INSIDE  LOOK  AT  THE 
TECHNOLOGIES  AND  STANDARDS 
SHAPING  YOUR  NETWORK 


XMPP  transports  presence  data 


HOW  IT  WORKS 


XMPP 

Extensible  Messaging  and  Presence  Protocol  for  instant 
messaging  and  presence  enables  applications  to 
communicate  with  each  other. 


george@partner.example 
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jill  @  enterprise,  example 
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O  Bob  sends  a  message  to  George. 

©  The  enterprise  XMPP  server  uses  DNS  to  look  up  the  partner  server.  The  server  connects  to 
the  partner  server  and  authenticates. 

©  The  XMPP  partner  server  verifies  that  there  is  a  George  attached  to  the  server  and  that 
Bob  is  authorized  to  communicate  with  George. 

O  Bata  flows  between  Bob  and  George. 

©  Jill  is  on  a  mobile  device  with  an  SSL-encrypted  connection  to  the  enterprise  XMPP  server.  She  requests  an 
enterprise  application  that  is  a  client  on  the  partner  server. 

©  Through  the  same  process  that  Bob  and  George  use  to  connect,  Jill  receives  a  stream  of  XML  data  that  is  rendered 
on  her  relatively  low-powered,  low-featured  terminal. 


Line-of-business 

application 


■  BY  JOE  HILDEBRAND 

Businesses  increasingly  require  real¬ 
time  interaction  among  people,  applica¬ 
tions  and  devices  that  span  many  net¬ 
works.  Extensible  Messaging  and  Pres¬ 
ence  Protocol  offers  a  way  to  route  con¬ 
text-sensitive  data  among  a  complex  inter¬ 
connection  of  nodes. 

XMPP  is  an  XML  streaming  protocol  for 
presence  and  messaging  routing.  Recently 
ratified  as  an  IETF  standard,  XMPP  serves 
as  the  basis  for  the  Jabber  instant-messag¬ 
ing  system  and  provides  a  secure  but  eas¬ 
ily  programmed  language  for  linking 
diverse  networks. 

The  core  of  XMPP  routing  is  an  interna¬ 
tionalized  logical  addressing  scheme  that 
is  best  represented  as  node@domain/ 
resource.  In  the  Jabber  IM  system  this 
scheme  is  referred  to  as  the  Jabber  ID 
(JID).The  domain  portion  can  be  looked 
up  in  the  DNS,  similarly  to  an  e-mail 
address.  As  in  Simple  Mail  Transfer 
Protocol,  servers  (the  domain  portion  of 
an  SMTP  address)  connect  with  one 
another  on  behalf  of  users  (the  node  por¬ 
tion  of  an  SMTP  address).  In  XMPP  the 
node  portion  can  denote  an  IM  user,  an 
application  or  a  service. The  resource  por¬ 
tion  is  a  connection  identifier  that  lets  a 
single  user  be  logged  on  multiple  times 
simultaneously. 

When  nodes  connect  to  a  server,  they 
authenticate  using  credentials  from  the 
local  directory  system,  specify  a  resource 
and  tell  to  the  server  to  announce  their 
presence  to  subscribers  (for  example,  the 
buddies  on  one  user’s  roster). Servers  find, 
connect  and  authenticate  to  one  another, 
letting  any  node  connected  to  the  com¬ 
munity  talk  to  any  other  node  regardless 


of  their  home  server  (domain),  as  long  as 
no  privacy  or  business  rules  are  violated. 

Each  XMPP  stanza  is  a  chunk  of  XML 
structured  data  that  is  addressed  to  a  JID. 
Each  stanza  type  can  be  extended  with 
any  properly  name-spaced  XML  struc¬ 
tured  data.  The  Jabber  Software  Foun¬ 
dation  (JSF)  acts  as  a  standards  body  for 
these  extensions,  much  like  the  World 
Wide  Web  Consortium  standardizes  Web 
formats.  But  any  organization  or  set  of 
trading  partners  also  can  decide  on  de 


facto  formats  as  needed. 

XMPP  serves  as  a  universal  transport 
layer  for  XML  structured  data.  It  embeds 
presence  and  context  sensitivity  into  that 
data,  which  lets  the  data  be  routed  effi¬ 
ciently  to  the  most  appropriate  resource. 

The  protocol  is  layered  in  such  a  way 
that  it  allows  maximum  simplicity  of  im¬ 
plementation  for  clients.  For  example,  one 
of  the  extensions  the  JSF  provided  is  a 
specification  for  gateways  to  other  IM  sys¬ 
tems.  A  client  can  use  XMPP  to  talk  to  any 


IM  vendor’s  system  for  which  such  a  gate¬ 
way  exists. This  simplicity  of  implementa¬ 
tion  has  fostered  a  large  open  source 
community  and  many  interoperable  com¬ 
mercial  implementations  of  XMPP 

While  IM  interoperability  is  a  hot  topic, 
another  useful  benefit  of  XMPP  is 
enabling  real-time  communication  of 
presence  information  across  applications. 

For  instance,  a  CRM  or  other  enterprise 
application  can  appear  as  a  client  to  an 
XMPP  server.  At  the  discretion  of  the 
administrator,  other  entities  can  know  the 
presence  and  availability  of  that  applica¬ 
tion  to  receive  and  process  specific  data. 
Using  the  XMPP  network  as  the  common 
transport  mechanism,  an  application 
residing  in  one  organization  can  —  with¬ 
in  the  confines  of  the  governing  business 
rules  and  logic  —  efficiently  communi¬ 
cate  with  an  application  or  person  resid¬ 
ing  outside  that  organization. 

One  example  is  a  CRM  application  using 
XMPP  to  dynamically  move  data  to  the 
most  appropriate  and  best  available 
resource.  This  might  be  a  customer 
approval  form  sent  to  a  cell  phone,  or  the 
data  associated  with  an  escalating  trouble 
ticket  moved  from  front-line  support  to  an 
available  support  resource  in  real-time. 

XMPP  already  has  thousands  of  deploy¬ 
ments.  The  standard  has  gained  signifi¬ 
cant  market  traction  because  it  is  inher¬ 
ently  open  and  clear.  Native  XML  design 
also  provides  developers  and  architects 
with  more  options  to  build  the  interfaces, 
business  rules  and  logic  that  will  let  their 
legacy  and  emerging  applications  com¬ 
municate  with  each  other. 

Hildebrand  is  chief  architect  at  Jabber.  He 
can  be  reached  at  jhildebrand@jabber.com. 


Dr.  Internet  By  Steve  Blass 

As  most  machines  on  the  Internet  have  a  unique  IP 
address,  why  can't  we  avoid  media  access  control 
and  use  IP  addressing  all  the  way  to  the  destina¬ 
tion  machine? 

Because  LAN  hardware  relies  on  data  link  layer 
communications  for  data  delivery  to  destination 
machine.  Frames  transmitted  across  a  physical 
network  must  contain  the  hardware  address  of 
the  destination.  The  IEEE  802  protocols  for  shared 


multi-access  LANs  divide  the  data  link  layer  into  a 
Logical  Link  Control  layer  that  provides  a  way  to 
address  a  station  on  a  LAN,  and  a  MAC  layer  that 
provides  the  interface  to  network  media  and 
frames  data  for  transmission  over  the  network. 
TCP/IP  sits  on  top  of  the  LLC  layer.  IP  addresses 
are  virtual  addresses  in  software  that  provide  a 
network  interface  for  applications  to  communi¬ 
cate  across  physical  network  implementations. 
There  are  no  Internet  protocols  at  the  data  link 


and  physical  layer.  Internet  protocols  were 
designed  for  underlying  network  technology  (see 
www.ietf.org/rfc).  TCP/IP  provides  the  layer  of 
abstraction  for  internetworking  across  physical 
network  boundaries,  but  IP  relies  on  the  physical 
network  to  deliver  data  to  destination  machines. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@change 
atwork.com. 
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Cascading  Style  Sheets  (4),  woo-hoo! 


GEARHEAD 

INSIDE  THE  WW- 
NETWORK 

MACHINE  PlA^r  | 

Welcome  to  week  four  of  Cascading 
Style  Sheets.  Last  week  we  began  a 
descent  into  the  depths  of  Dynamic 
HTML,  a  quasi-standard  that  lets  scripting 
languages  modify  HTML  content  (which 
includes  CSS)  to  make  Web  content  dy¬ 
namic.  We  started  in  on  the  architecture 
that  defines  the  content  of  a  browser  win¬ 
dow:  the  document  object  model. 

But  we  didn’t  mention  the  relationship  of 
XML  to  DHTML.  You  treat  an  XML  tag  like 
an  HTML  tag,  although  to  be  rendered  the 
browser  must  support  XML  and  the  XML 
content  must  be  declared  (let  us  know  if 
you’d  like  us  to  look  at  this  topic). 

We  concluded  last  week  threatening  to 
discuss  document  object  model  (DOM) 
standards, so  here  goes:  In  books  and  on¬ 
line  you  will  find  references  to  the  Net¬ 
scape  Layer  DOM,  the  Microsoft  IE  All  DOM 
and  the  World  Wide  Web  Consortium’s 
(W3C)  ID  DOM. 

These  were  all  versions  of  DOMs  that  are 
now  effectively  obsolete  unless  you  need 


to  support  older  browsers. 

Today  the  working  DOM  for  browsers  is 
the  W3C’s  DOM.  Here’s  the  W3C  DOM 
Working  Group’s  description  of  the  specifi¬ 
cation:  “This  document  contains  the  re¬ 
quirements  for  the  DOM,  a  platform-  and 
language-neutral  interface  that  allows  pro¬ 
grams  and  scripts  to  dynamically  access 
and  update  the  content,  structure  and 
style  of  documents.  The  DOM  provides  a 
standard  set  of  objects  for  representing 
HTML  and  XML  documents,  a  standard 
model  of  how  these  objects  can  be  com¬ 
bined  and  a  standard  interface  for  access¬ 
ing  and  manipulating  them.  Vendors  can 
support  the  DOM  as  an  interface  to  their 
proprietary  data  structures  and  APIs,  and 
content  authors  can  write  to  the  standard 
DOM  interfaces  rather  than  product-spe¬ 
cific  APIs,  thus  increasing  interoperability 
on  the  Web”  (see  www.nwfusion.com, 
DocFinder:  1027). 

Dissecting  DOM 

The  DOM  specification  contains  several 
layers:  Level  1  is  the  core  for  HTML  and 
XML  document  models,  with  functionality 
for  document  navigation  and  manipula¬ 
tion.  Level  2  includes  a  style  sheet  object 
model,  defines  functionality  for  manipulat¬ 
ing  style  information  attached  to  a  docu¬ 


ment,  enables  traversal  of  the  elements  of  a 
document,  defines  an  event  model  and 
provides  support  for  XML  namespaces. 
Level  3  (which  is  not  yet  finished  —  see 
DocFinder:  1028  for  details)  will  specify 
document  loading  and  saving;  content 
models  with  document  validation  support; 
address  document  views;  and  formatting, 
key  events  and  event  groups. 

The  DOM  Level  1  and  Level  2  specifica¬ 
tions  are  final,  so  developers  can  imple¬ 
ment  them  without  fear  of  the  specifica¬ 
tions  changing. 

Using  the  DOM  you  can  create,  read  and 
modify  elements  in  the  structure  of  a  doc¬ 
ument  loaded  in  a  browser  window  using 
a  scripting  language  embedded  in  the  doc¬ 
ument.  We’ll  consider  JavaScript,  although 
you  could  use  other  scripting  languages 
such  as  VBScript  and  Perl. 

But  if  that  is  all  there  was  to  the  DOM, 
there  wouldn’t  be  much  dynamism  in¬ 
volved.  Nope,  the  DOM  also  includes  event 
handlers  that  are  triggered  when  certain 
things  happen  to  or  in  a  document  or  an 
element  in  a  document. 

There  are  many  types  of  events,  including 
object  events  (onLoad),  element  events 
(onFocus),  and  mouse  events  (onMouse- 
Over,onMouseOut).For  a  complete  list  and 
an  in-depth  description,  see  DocFinder: 


1029;  and  for  a  simpler  description  of  the 
events  that  apply  to  HTML  4.0,  see  Doc¬ 
Finder:  1030.  As  a  simple  example,  consider 
the  following  code  that  would  be  in  the 
body  of  a  document: 

<img  name  =“strangedevice” 
onMouseOver  =  ‘  document.images. 
strangedevice.src  = “flagup.jpg”’ 
onMouseOut  =  ‘  document.images. 
strangedevice.src  =  “flagdown.jpg”’ 
src  -“flagdown.jpg”> 

The  event  handlers  in  this  code  reference 
the  object  document.images.strangede- 
vice,  which  is  the  identity  of  the  image  tag 
the  event  handlers  are  embedded  in.  The 
image  tag  initially  displays  the  contents  of 
the  file  flagdown.jpg,  but  when  the  mouse 
is  moved  over  the  image  the  event  on¬ 
MouseOver  is  triggered,  causing  another 
image  named  flagup.jpg  to  load.  When  the 
event  onMouseOut  is  triggered, the  original 
image,  flagdown.jpg,  is  reloaded. 

The  image  object  could  be  referred  to  as 
images.strangedevice  (the  root  object,  doc¬ 
ument,  is  implicit),  or  just  strangedevice  be 
cause  it  is  a  unique  ID  in  the  document  (al¬ 
though  that  could  lead  to  errors). 

Next  week,  a  more  complex  and  generic 
version  of  the  image  rollover  above. 

Your  code  to  gearhead@gibbs.com. 


Cool 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Here  are  some  testing  nuggets  from  the  Cool  Tools  labs: 

Product  name:  Psion  Teklogix  NetBook  Pro 

Company:  Psion  Teklogix 

Price:  $1,500 

What  it  does:  A  cross  between  a  PDA  and  a  notebook 
computer,  the  NetBook  Pro  gives  users  word  processing 
ability, Web  surfing  and  other  Microsoft  application-viewing 
capabilities. The  system  is  based  on  Windows  CE  and  can 
connect  to  a  PC  for  synchronizing  contact  data  and  file 
transfers. The  device’s  expansion  slots  (including  a  Secure 
Digital/MultiMedia  Card,  Compact  Flash  and  PC  Card  slot) 
allow  for  extra  memory  or  communications  ability  (such  as 
a  56K  bit/sec  modem  or  802.11b  wireless 
LAN  card).  The  NetBook  Pro  is  ex¬ 
tremely  small,  with  a  tiny  key¬ 
board  and  a  touch  screen 
with  a  stylus  for  mouse  func¬ 
tions. 

Why  it’s  cool:  For  users  who 
need  basic  applications  such  as 
word  processing,  email  and  Inter¬ 
net  browsing, the  NetBook  is  a  great 
alternative  to  a  heavier  laptop. 

Grade:  ★★★★V  (out  of  five) 


Psion  Teklogix's  NetBook  Pro  offers 
users  basic  functions  in  a  small  package. 


Product:  GeoSentry  PT-100 

Company:  GeoSentry  —  (www.geosentrybiz) 

Price:  $1,000  for  the  unit;  $100  per  month  for  service. 
What  it  does:  While  conventional  wireless  and  GPSs  are 
not  new,  the  GeoSentry  PT-100  goes  further. The  unit  is  self- 
contained  —  batteries,  antennas  and  electronics  are 
encased  in  the  device.  GeoSentry  offers  its  SureTrak  4- 
in-1  system,  which  offers  cell  phone  tower  estimation 
when  the  reception  is  blocked  from  GPS;  en¬ 
hanced  sensitivity  to  GPS;  a  beacon  transmitter 
for  precise  asset  location  and  recovery;  and  an 
audio  buzzer  that  offers  another  way  to  locate 
the  unit. Once  deployed, locating  the  device 
is  done  through  a  GeoSentry  Web  site, 
tracking  through  mapping  software. 

Why  it’s  cool:  The  Web  site  is  easy  to  use 
for  tracking  PT-100  devices,  and  the  unit  is 
easy  to  turn  on,  recharge  and  associate 

with  the  satellite.  If  you  need  to  track  items, 
whether  they  are  trucks,  packages  or  other 
things,  this  an  easy-to-use  system. 

Grade:  ★★★★ 


Product:  Auvi  SA 100-64 
Company:  Auvi  Technologies 
Price:  $50 

What  it  does:  This  audio  player 
connects  via  USB  to  a  PC  for 
file  transfer.lt  runs  on  one 
triple-A  battery  and  is 
the  size  of  a  stick  of 
gum,  making  it  perfect 
for  using  while  exercising 
and  other  activities. 


The  no-frills  Auvi  SA  100-64  is 
great  for  workouts. 


Why  it’s  cool:  Sometimes 
we  love  the  basics  —  there 
are  no  frills  on  this  device, 
such  as  a  display  or  fancy  file 
support.  If  you  own  a  larger, 
hard-drive-style  MP3  player  (such 
as  an  iFbd),you  already  have  what 
you  need  to  create  music  files.  This 
then  becomes  an  accessory  to  that 
player.  The  SA 100-64  is  a  great  tool  for 
workouts.  At  $50  it’s  also  good  for  users  look¬ 
ing  for  basic  features. 

Grade:  ★★★★ 


Product:  DocuPen  portable  scanner 
Company:  Planon  System  Solutions 

Price:  $200 

What  it  does:  This  portable  scanner  lets  you  scan  articles, 
and  letters  by  dragging  the  pen  down  the  length  of  the 
document.  It  scans  at  100  or  200  dpi,  and  then  transfers  to 
a  PC  via  serial  or  USB  cable.  If  you  have  paper  documents 
you  want  to  store  in  electronic  format,  using  the  DocuFten 
is  an  easy  way  to  scan  them  in. 

Why  it’s  cool:  There’s  a  cool  James  Bond  feeling  when 
we  use  the  scanner,  as  if  we’ve  broken  into  some  secret 
headquarters  to  find  the  plans  of  the  enemy  More  impor¬ 
tantly,  the  scanner’s  portability  makes  it  great  for  road  war¬ 
riors  who  need  to  send  documents  electronically  and 
don’t  have  the  space  to  lug  around  a  larger  scanner. 

Grade:  ickici 


Shaw  can  be  reached  at  kshaw@nww.com. 
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EDiTORiAL 

John  Dix 

How  the  bad 
guys  view 
software 

The  recent  RSA  Security  conference  might  have 
seemed  like  an  odd  venue  to  announce  a  book 
called  Exploiting  Software:  How  to  Break  Code ,  but 
the  intention  isn’t  what  it  seems.The  authors  hope  that 
showing  why  software  is  vulnerable  and  how  people  try 
to  take  advantage  of  it  will  result  in  more  secure  systems. 

The  author  of  the  foreword,  Aviel  Rubin,  technical  direc¬ 
tor  of  the  Information  Security  Institute  at  Johns  Hopkins 
University,  puts  it  this  way:  The  authors  “have  done  a  mar¬ 
velous  job  of  explaining  why  software  is  exploitable,  of 
demonstrating  how  exploits  work  and  of  educating  the 
reader  on  how  to  avoid  writing  exploitable  code.” 

For  co-author  Gary  McGraw,  this  is  the  latest  in  a 
string  of  books  about  information  security:  Earlier 
works  include  Securing  Java  and  Building  Secure 
Software.  In  fact,  McGraw  sees  Exploiting  Software  as  a 
natural  complement  to  Building  Secure  Software, 
which  he  wrote  in  2001. 

“ Building  Secure  Software  got  the  ball  rolling  on  soft¬ 
ware  security’ McGraw  says.'The  problem  is,  on  the  appli¬ 
cation  side  there  are  a  lot  of  vendors  concentrating  on 
the  right  problem  —  they  understand  software  is  a  secur¬ 
ity  problem  —  but  they  are  taking  an  outside-in 
approach,  saying  if  we  just  do  some  black-box  testing  or 
protect  this  broken  software  with  an  application  firewall 
we'll  be  OK.That  doesn’t  take  into  account  the  true 
nature  of  the  software  exploit,  so  that’s  why  Greg  Hoglund 
and  1  decided  to  write  Exploiting  Software,  to  make  the 
discourse  about  the  real  problem  clearer.” 

In  the  book  McGraw  says  “software  defects  are  the  sin¬ 
gle  most  critical  weakness  in  computer  systems”  and  “bad 
software  is  ubiquitous.” 

Asked  if  network  defenses,  then,  are  merely  chewing 
gum  stuck  in  the  cracks  of  a  sinking  ship,  McGraw  says: 
“The  fact  is,  network  security  mechanisms  are  necessary 
but  not  sufficient.  We  keep  trying  to  protect  our  broken 
stuff  from  exploit  by  building  a  perimeter  defense  around 
it. The  notion  of  defending  the  edges  is  not  bad,  it  just 
doesn’t  work  all  the  time.  Especially  when  it  comes  to 
complex  software  that  is  Internet-based,  highly  distributed 
and  designed  to  be  extensible.  As  software  gets  more 
important  and  more  complicated,  the  chances  of  us  solv¬ 
ing  our  problem  with  edge-level  network  mechanisms  is 
zero. We  have  to  make  software  more  secure  from  the  get- 
go.”  (See  a  full  interview  with  McGraw  at  www.nwfusion 
.com.  DocRnder:  1033.) 

The  book  gives  a  good  inside  look  at  where  you  might 
be  most  vulnerable  and  goes  in-depth  into  several  sub¬ 
jects,  including  buffer-overflow  problems. 


—  John  Dix 
Editor  in  chief 
jdix@nww.com 


www.nwfusion.com 


opinions 


Charging  for  e-mail 

Regarding  Mark  Gibbs’  Backspin  column  “The 
charge  is  in  the  e-mail”  (www.nwfusion.com,  Doc- 
Finder:  1022):  I  agree  e-mail  postage  is  a  silly  idea, 
but  not  for  the  reasons  Gibbs  cites.  People  wouldn’t 
leave  the  ’Net  in  droves;  they  would  simply  use  a  dif¬ 
ferent  method  to  send  one  another  messages. 

It  would  take,  oh,  15  minutes  after  the  postage 
scheme  was  announced  for  peer-to-peer  servers  to 
appear  that  would  route  messages  to  destination 
addresses  and  maybe  hold  them  for  people  to  call 
for  them.  It  wouldn’t  take  much  for  I-got-it  messages 
to  be  sent  back  to  the  sender.The  system  would  look 
rather  like,  er,  e-mail.  It  just  wouldn’t  use  the  metered 
e-mail  servers. 

Bill  Meakin 
Alameda,  Calif. 

Mark  Gibbs  and  Bill  Gates  are  all  wet.  Charging  for 
e-mail  is  the  only  way  spam  is  going  to  come  under 
control,  because  you  make  it  advantageous  for  any¬ 
one  with  a  significant  volume  of  received  mail  to 
collect  from  those  who  sent  it,  with  charges  maybe 
being  forwarded  through  those  who  relay  mail. 

Charge  .01  cent  per  e-mail,  for  instance.  Charge 
another  .01  cent  per  megabyte  in  an  e-mail.  For  the 
average  consumer,  that’s  going  to  be  much  less  than 
a  dollar  per  month.  The  ISP  can  round  it  into  the 
monthly  charge  and  only  item-bill  its  spam  origina¬ 
tors,  if  it  has  any  left,  after  the  first  month. 

But  for  the  spammer,  it’s  going  to  cost  some  gen¬ 
uine  bucks  (something  like  $100  per  million,  if  my 
math  is  right). Still  less  expensive  than  snail  mail, but 
no  longer  free.  It  won’t  end  spam,  but  it’ll  force  the 
spammers  to  start  targeting  their  recipients. 

The  billing  infrastructure  can  be  written  in  Perl  in 
less  than  a  day  It  probably  can  be  a  one-liner.  Have  a 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


contest.  How  hard  can  it  be?  Every  mail  server  in 
existence  has  mail  logs. 

You  don’t  need  a  government  agency  involved, just 
a  little  old-fashioned  greed.  Say  as  ISP  A  you’re  enti¬ 
tled  to  collect  $500  in  net  received  e-mails  from  ISP 
B  (a  spammer).  If  ISP  B  doesn’t  pay  up, you  just  quit 
accepting  mail  from  it.  Other  ISPs  treat  you  the  same 
way  Those  that  originate  huge  volumes  pay  those 
who  receive  those  volumes.The  average  consumers 
pay  nothing  and  get  nothing,  except  maybe  a  lower 
volume  of  spam  in  their  mailboxes.  Enforcement 
isn’t  necessary  we  just  have  to  get  the  first  few  large 
ISPs  to  start.  It’ll  spread  like  wildfire. 

Do  I  have  all  the  details  worked  out?  No.  Do  I  think 
it’s  worth  a  try?  Yes.  Does  anyone  have  a  better  idea? 
I  haven’t  heard  it. 

David  Neill 
Oklahoma  City  Okla. 

In  his  column  “The  charge  is  in  the  e-mail,”  Mark 
Gibbs  writes:“In  [Bill]  Gates’ scheme,  the  message 
recipient  would  get  to  set  a  price  to  be  paid  by  the 
sender  if  the  recipient  rejects  a  message  as 
unwanted.  Of  course  there’s  no  product  yet  to 
back  up  this  vision.” 

I  have  been  using  a  similar  product  since  January 
2003,  and  Gates/Microsoft  had  nothing  to  do  with 
it.  It’s  called  Vanquish  and  it  lets  e-mail  come  to  me 
at  my  discretion.  Since  January  2003,  more  than 
39,000  spams  have  been  deflected  from  my  in-box. 
Unknown  senders  can  get  into  my  in-box  in  one  of 
two  ways:  verify  they  are  who  they  say  they  are  (in 
which  case,  1  am  given  a  confirmed  sender 
address)  or  purchase  a  bond  from  Vanquish.  A  por¬ 
tion  of  that  bond  becomes  default  if  that  company 
sends  something  to  me  that  I  determine  to  be 
spam. 

Byron  Todd 

Consultant 
Todd  Computer  Solutions 
Rainbow  City  Ala. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  (opics.  DocFinder:  1021 
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INTRANET  ADVISOR 

Daniel  Blum 


ffshore  outsourcing  might  be  a  good 
|  economic  decision  for  some  organiza¬ 
tions  based  on  lower  labor  costs.  But 
make  sure  you  carefully  consider  the  secur¬ 
ity  risks  of  the  decision. 

Regulations  such  as  the  Health  Insurance 
Portability  and  Accountability  Act,  Gramm- 
Leach-Bliley  Act  and  California’s  SB  1386  require  companies  to  pro¬ 
tect  privacy  and  impose  stiff  financial  or  disclosure  penalties  if  they 
do  not.  Such  regulations  apply  equally  to  data  owners  and  out¬ 
sourcers  within  the  U.S.,but  not  necessarily  to  outsourcers  in  China 
or  India,  which  are  relatively  regulatory-free  jurisdictions.  Investigate 
these  IT-related  regulatory  issues  with  your  legal  department. 

Other  risks  come  from  giving  outsourced  staff  access  to  IT  systems 
within  your  network.  I  recently  met  with  a  financial  services  com¬ 
pany  that  gives  outsourcers  VPN  access  to  development  systems  for 
system  maintenance,  coding  and  testing. 

Although  the  company  had  provided  network  access  to  vendors 
before,  offshoring  cast  the  practice  in  a  new  light:  Low-paid,  rela¬ 
tively  high-skilled  unknown  workers  would  be  coming  right  into 
the  soft  center  of  the  intranet. 

The  first  line  of  protection  is  to  set  up  user  authentication  and  fire¬ 
wall  rules  that  constrain  which  IP  addresses  each  remote  user  can 
access.This  method  increases  management  complexity,  but  the  real 
problem  is  that  firewall  rules  only  lock  down  the  first  hop;  once  a 
user  has  access  to  an  internal  host,  he  might  gain  access  to  other 
hosts  through  telnet,  Windows  Terminal  Server,  Internet  Explorer, 


Weigh  risks  of  offshore  outsourcing 


rlogin,  rsh  or  many  other  facilities.  Outsourced  programmers  also 
easily  can  “root”  development  machines,  install  Trojan  horses,  corrupt 
production  databases  and  cause  other  problems. 

There  are  no  fully  satisfactory  mitigation  strategies  for  a  second 
line  of  defense.  You  can  try  to  use  Web  access  rather  than  VPN 
access,  but  not  all  applications  can  be  Webified.  Hosts  can  be  hard¬ 
ened,  but  it’s  difficult  to  contain  a  savvy  power  user  with  access  to  a 
machine.  Development  hosts  can  be  zoned  off  into  a  private  area, but 
that  still  leaves  all  the  hosts  vulnerable  to  any  one  outsourcer.  An 
intrusion-detection  system  can  scan  for  improper  traffic,  but  IDSs  are 
notoriously  expensive  and  hard  to  get  right. 

The  irony  is  that  all  these  countermeasures  —  several  of  which 
might  be  required  —  directly  contradict  the  original  outsourcing 
objective  to  cut  costs.  In  the  long  run,  companies  might  find  it  more 
expensive  to  outsource  than  to  leave  work  in-house.  How  will  your 
company  do  sufficient  background  checks  on  all  the  offshore  out¬ 
sourcer’s  employees?  Do  you  plan  to  conduct  audits  of  completed 
code  to  ensure  no  back  doors  have  been  planted  for  future  access? 

Make  sure  you’re  ready  with  architecture  plans,  cost  estimates  and 
risk  assessments  before  that  outsourcing  request  lands  on  your  desk. 
There  are  a  number  of  forums  where  colleagues  in  your  industry 
might  be  studying  the  minimum  required  practices  for  offshore  out¬ 
sourcing.  Attend  one  —  and  get  ready. 


The  irony  is  that 
all  these  counter¬ 
measures  . . . 
directly  contra¬ 
dict  the  original 
outsourcing 
objective  to  cut 
costs. 


Blum  is  senior  vice  president  and  research  director  with  Burton 
Group,  an  integrated  research,  consulting  and  advisory  service.  He  can 
be  reached  at  djb-feedback@earthlink.com. 


TELECOM  CATALYST 

Daniel  Briere 

Every  time  I  see  a  government  official  or 
someone  on  CNBC  talk  about  improving 
U.S.  productivity,  I  immediately  think  of 
the  obvious  solution  —  find  a  way  to  stop 
spam,  and  you’ll  see  productivity  increase 
tremendously 

I’m  not  advocating  a  governmental  or  leg¬ 
islative  answer;  what  we  need  is  a  technology  breakthrough.  But  what 
we’re  getting  are  quick  fixes  that  might  create  more  problems  than  they 
solve.  What  I’m  specifically  against  are  the  easy,  blanket  answers  to 
which  many  large  providers  resort  because  they  can’t  move  fast  enough 
to  really  deal  with  the  problem  in  a  more  technically  advanced  way 
Take  Time  Warner’s  Road  Runner  service.  I’ve  had  problems  with 
Road  Runner  blocking  various  domains  associated  with  some  of  my 
clients.  Road  Runner  says  it  uses  outside  lists  to  manage  its  spam 
attacks  and  even  offers  up  whitelists  it  accesses  to  find  legitimate 
e-mailers.  However,  Road  Runner  also  will  block  ranges  of  IP  addresses 
from  ISPs  that  have  allowed  spam  to  come  from  any  server  in  their  sub¬ 
scriber  base.That  definition  of  “spammer”  pretty  much  covers  every  ISP 
in  the  U.S. 

My  company  uses  two  ISPs,  InterNap  and  Media3,and  both  have  the 
same  problem  with  Road  Runner: They  are  regularly  being  classified  as 
spam  sources, and  they  have  to  undertake  about  a  two-week  process  to 
get  the  specific  IP  addresses  of  non-spamming  clients  cleared  up.  And 
in  that  time  frame,  no  e-mails  from  any  of  the  IP  addresses  in  their  IP 
ranges  can  get  through  to  Road  Runner  subscribers. 

Right  now,  we’re  having  to  work  through  just  this  issue  with  Road 
Runner  to  get  e-mail  turned  back  on  so  we  send  e-mail  on  the  Road 
Runner  system.  So  despite  its  claim  to  a  high  level  of  sophistication, 
Roadrunner  takes  the  “throw  the  baby  out  with  the  bathwater” 
approach  by  cutting  off  the  ISP  and  the  IP  range  altogether. This  Road 
Runner  problem  hits  us  every  two  or  three  months,  and  each  time  it 
takes  two  weeks  to  resolve.The  most  irritating  part  about  all  this  is  that 


Quick  fix  is  no  fix  for 


Road  Runner  does  not  notify  the  sender  that  it  is  deleting  the  inbound 
e-mails;  it  just  sends  an  admin-class  e-mail  to  the  originating  server,  so 
you  never  know  your  e-mails  are  not  arriving. 

The  same  problem  exists  with  network-based  virus  protection,  some¬ 
thing  we  all  agree  we  need.  My  cable  modem  provider,  Charter  Com¬ 
munications,  responded  to  the  Blaster  virus  last  summer  by  turning  off 
User  Datagram  Protocol  (UDP)  on  the  network.  Sure,  this  stopped  the 
Blaster  virus  from  spreading  on  its  network,  because  the  Blaster  virus 
used  UDP  to  find  other  potential  hosts  across  the  network.  But  in 
Charter’s  infinite  wisdom  to  protect  me  from  the  viruses,  the  company 
also  disabled  my  Trend  Micro  virus-protection  software’s  ability  to 
update  itself  over  the  network.  So  I  found  myself  cut  off  from  Internet 
resources  with  no  notification  and  no  clue  why 

At  some  point,  such  an  approach  crosses  the  line  from  being  a  valid 
response  to  a  problem  to  interfering  with  business.  It’s  one  thing  to  cut 
off  the  ability  to  send  out  blasts  of  e-mail,  but  another  to  stop  all  other 
email. The  same  is  true  with  turning  off  protocols  to  deal  with  viruses. 

Such  actions  substantially  affect  business  operations  and  cause  finan¬ 
cial  damage.  Until  recently,  there’s  been  some  degree  of  tolerance,  as 
people  recognize  the  overwhelming  issues  involved  in  dealing  with  the 
sheer  volume  of  spam  and  viruses.  But  it’s  time  to  force  those  who 
claim  to  be  protecting  us  from  spam  to  apply  the  same  principles  inter¬ 
nally  Yahoo  would  scream  all  sorts  of  things  to  Washington  if  AOL 
decided  to  cut  off  all  e-mail  from  Yahoo  subscribers  on  the  grounds 
that  one  Yahoo  server  was  sending  out  spam. 

This  is  a  class-action  lawsuit  waiting  to  happen.  ISPs  cannot  indis¬ 
criminately  throw  away  e-mails  —  e-mail  is  too  important.Those  prac¬ 
ticing  such  sweeping  solutions  need  to  reassess  the  impact  they  are 
having  or  be  ready  to  defend  against  a  range  of  legal  action. 

Briere  is  CEO  of  TeleChoice,  a  market  strategy  consultancy  for  the 
telecommunications  industry.  He  can  be  reached  at  telecomcatafyst 
@telechoice.com. 


spam 

It’s  one  thing  to 
cut  off  the  ability 
to  send  out 
blasts  of  e-mail, 
but  another  to 
stop  ail  other 
e-mail. 
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One  event  puts  you  at  the  core  of  enterprise  networking. 


Enterprise  networking  decision-makers  today  must  understand  all 
relevant  communication  technologies,  from  virtual  private  networks 
to  wireless  LANs,  storage  to  security,  applications  to  infrastructure. 
That's  why  SUPERCOMM  remains  the  premier  event  for  private 
and  public  sector  enterprise  leaders. 
Enterprise@SUPERCOMM  features  leading 
exhibitors  showing  a  vast  array  of  enterprise 
technologies,  it  also  includes  a  FREE  educational 
curriculum,  covering  key  enterprise  topics. 


And,  since  enterprise  decisions  encompass  the  total  range  of 
communication  technologies,  we  further  provide  a  window  into  Broadband, 
Converged  Wireless  and  the  entire  Global  Infrastructure.  As  a  result,  in  a  few 
days  or  even  hours,  you  can  get  a  comprehensive  view  of  interrelated 

trends  in  every  area  of  communications. 
Join  the  enterprise  network  leaders  who 
make  SUPERCOMM  a  must-attend  event. 
Take  advantage  of  FREE  registration  and 
surround  yourself  with  solutions. 


SUPERCOMM 


Explore  the  Whole  World  of  Communications 


June  20-24  2004  Exhibits  June  22-24  McCormick  Place  I  Chicago  IL  I  supercomm2004.com 


SUPERCOMM*  is  a  registered  trademark  of  the  Telecommunications  industry  Association  (TIA)  and  the  United  States  Telecom  Association  (USTA). 
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Digging  for  digital 


Continued  from  page  1 

The  purpose  of  the  lab  is  to  analyze 
evidence  gathered  at  crime  scenes 
involving  the  military  Whatever  crimes 
occur  in  the  civilian  world,  you  also  see 
in  the  military  It  could  be  homicide, 
child  pornography  ident¬ 
ity  theft,  counterfeiting, 
misconduct,  terrorism, 
espionage,  contractor 
fraud  or  misuse  of  gov¬ 
ernment  property 

With  these  crimes, 
there’s  often  digital  evi¬ 
dence  in  cell  phones, 
pagers,  PDAs,  geo-map¬ 
ping  systems,  digital  cam¬ 
eras,  cockpit  recording 
systems  and  anything 
else  with  flash  memory 
or  ROM. 

“We  estimate  that  95%  of  criminals 
leave  digital  evidence  at  the  scene,”  says 
Donald  Flynn,  attorney  adviser  for  the 
Defense  Department  Cyber  Crime 
Center,  which  houses  the  DCFL. 

That  evidence  must  be  able  to  stand 
up  in  court,  particularly  now  that  judges 
and  attorneys  are  becoming  savvy 
enough  to  start  asking  questions  about 
the  integrity  of  digital  evidence. The 
DCFL  addresses  this  through  rigorous 
training  and  advanced  tools  such  as  cer¬ 
tified,  high-capacity  extraction  and  imag¬ 
ing  processes  and  tools. 


Inside  the  lab 

My  tour  guide  at  the  high-security 
lab  pushed  a  button  at  the  double¬ 
door  entryway  into  the  lab  that  trig¬ 
gered  blue  ceiling  lights,  which 
blinked  incessantly  to  alert  techni¬ 
cians  that  unclassified  visitors  were 


on  the  premises. 

The  lab  includes  your  standard  office 
cubicles,  but  every  cube  is  outfitted 
with  state-of-the-art  processors,  multi¬ 
system  server  stacks  and  42-inch  flat- 
screen  monitors. 

“Some  of  the  evidence  comes  in  on 
pallets  —  cases  full  of  servers,  CPUs, 
RAID  disk  arrays,  floppy  diskettes,  Palm 
Pilots,  digital  cameras,”  says  special  agent 
Bob  Renko,  director  of  operations  for  the 
lab.“We’ve  even  gotten  evidence  in  buck¬ 
ets  of  water  —  for  example,  video  tapes 
recovered  from  jets  crashing  into  the  sea 
during  training  exercises.” 


dirt 

The  first  stage  in  evidence  extraction 
is  digital  imaging.This  is  trickier  than  it 
sounds  because  contents  can  be 
altered  in  the  process  —  such  as 
adding  a  date  stamp  when  copying  a 
hard  drive,  thus  tainting  the  evidence 
and  rendering  it  inadmissible. 

Then  there’s  the  sheer 
volume  of  data.  In  1999, 
analysts  examined  their 
first  terabyte-sized  case 
when  they  received  a 
palette  of  computers 
belonging  to  a  defense 
contractor  accused  of 
violating  Environmental 
Protection  Agency  guide¬ 
lines  in  its  handling  of 
toxic  waste.  If  analysts 
had  tried  to  use  technol¬ 
ogy  that  copied  and 
examined  one  drive  at  a 
time,  they  still  would  be  investigating 
that  case,  says  the  lab’s  director,  Lt.  Col. 
Ken  Zatyko,  special  agent  with  the  Air 
Force  Office  of  Special  Investigation. 

So  analysts  created  their  own  script, 
which  moves  images  of  all  the  media 
into  one  place.  In  this  location,  search¬ 
ing  and  extraction  is  conducted  across 
all  the  data  simultaneously  using  the 
same  search  phrase. 

Last  month, the  lab  received  several 
palettes,  containing  more  than  3T 
bytes  of  data  to  image  and  extract. The 
evidence,  which  filled  a  20-by-10-foot 
windowless  room,  required  its  own 


Securing 
the  digital 

crime 

scene 

Whenever  corporations  suspect 
legal  trouble,  they'll  need  to  pre¬ 
serve  digital  evidence,  says  Robert 
Goto,  senior  technical  forensics 
adviser  for  Electronic  Evidence 
Discovery  in  Seattle. 

At  the  very  least,  network  profes¬ 
sionals  should  know  who  to  call  if 
they  don't  have  the  legal  expertise 
to  manage  the  investigations  them¬ 
selves.  Along  with  companies  spe¬ 
cializing  in  digital  evidence  recovery 
such  as  EED  and  New  Technologies, 
the  Big  Four  accounting  firms  also 
offer  forensics  services. 

But  even  calling  in  the  experts 
requires  corporations  to  handle 
some  data.  So  Goto  offers  this 
advice: 

•  Take  custody  of  the  entire  com¬ 
puter,  including  keyboard  and  other 
peripherals,  floppy  diskettes  and 
other  removable  media  so  you  can 
show  that  what  you  took  was  a 
working  computer. 

•  Note  unique  identifiers,  label 
items  taken,  seal  smaller  items  in 
plastic  bags  and  place  in  a  secure 
area. 

•  Document  who  did  what 
throughout  the  chain  of  custody  for 
each  item  collected.  Maintain  logs 
of  where  you  are  keeping  records. 

•  If  the  computer  is  to  be  recircu¬ 
lated,  take  the  hard  drive  from  the 
machine  and  secure  it.  An  original 
makes  the  best  evidence. 

•  Then  make  a  forensically  sound 
image  of  the  hard  drive,  using  hard- 
ware-based  drive  imaging  tools  as 
opposed  to  a  write-blocking  soft¬ 
ware  tool.  (Tools  can  be  found  at 
www. eedinc.com  and  www.foren 
sics-intl.com.)  At  this  time,  also  note 
the  system  date/time  before  rese¬ 
curing  the  hard  drive. 

•  Other  data  sources,  such  as 
network  file  shares  and  e-mail 
located  in  server-based  e-mail  sys¬ 
tems,  must  be  considered  and  pre¬ 
served.  Data  throughout  the  net¬ 
work  is  the  most  difficult  to  gather 
and  analyze,  so  EED  has  created  a 
discovery  tool  for  this  widespread 
data  (www.eedinc.com/products 
,aspx?iProductld=2). 

—  Deborah  Radcliff 


DCFL:  Case  file 

►The  busted  boyfriend 

A  suspect  said  the  gun  used  in  the  murder  of  his  girlfriend  was 
stolen  earlier  that  day  from  his  car  by  someone  who  smashed  his 
right  passenger  car  window. 

A  video  technician  at  the  Department  of  Defense  lab  painstakingly 
upgraded  a  grainy  image  of  the  suspect’s  cartaken  from  a  military 
surveillance  camera  three  hours  after  he  claims  the  window  was  broken. 

Finally,  she  enhanced  the  image  to  provide  the  damning  evidence 
against  the  suspect:  light  refracting  off  an  intact,  passenger-side 
window.The  suspect  got  a  25-year  sentence. 
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■nted:  a 

few  good  forensics 
investigators 

The  Defense  Computer  Forensics 
Lab's  caseload  has  grown  each  year, 
in  2000,  the  DCFL  investigated  148 
crime  and  intrusion  cases.  In  2003, 
that  number  was  425.  Lt.  Col.  Ken 
Zatyko,  special  agent  with  the  Air 
Force  Office  of  Special  Investigation, 
expects  more  than  500  cases  in  2004. 
With  115  employees,  the  DCFL  has  a 
20%  vacancy  rate. 

The  DCFL  is  what  military  people 
call  a  “purple  agency,"  meaning  it's 
staffed  by  enlisted  people  from  all 
branches  from  the  military,  along  with 
non-military  personnel.  For  non-mili¬ 
tary  employees,  salary  ranges  from 
$30,000  to  $110,000  per  year,  says  Bob 
Renko,  director  of  operations  for  the 
DCFL. 

Entry-level  positions  are  mostly  in 
digital  imaging,  which  calls  for  skills 
and  knowledge  in  forensically 
accepted  techniques  and  tools  for 
copying  data.  From  there,  techni¬ 
cians  advance  to  data  extraction 
and  analysis,  intrusion  analysis  and 
information  assurance,  and  then 
onto  management. 

For  each  level,  employees  undergo 
rigorous  training,  testing  and  labora¬ 
tory  experience  that  takes  months  to 
complete.  Others  in  the  military  take 
the  training  with  them  to  conduct 
forensics  for  their  particular  branches 
and  units.  Courses  include: 

Intro  to  networks  and  com¬ 
puter  hardware:  The  basics  of 
operating  systems,  network  devices, 
connectivity,  topology  and  protocols. 

Basic  forensic  examinations: 
Understanding  computer  operating 
systems,  forensics  workstation 
setup,  and  analysis  of  Web-related 
evidence,  e-mail  and  deleted  file  and 
password  recovery. 

Advanced  forensic  examina¬ 
tions:  Covers  Windows,  comprehen¬ 
sive  Internet  analysis,  keyword 
searches  and  data  recovery  from 
encrypted  files,  metadata  and  erased 
files. 

Incident  responders  course: 

Includes  first-response  evidence  col¬ 
lection,  network  protocol  functions, 
routers  and  firewalls,  network  snif¬ 
fers  and  intrusion-detection  systems. 

Managing  computer  investi¬ 
gations:  Students  'earn  field  seizure 
methods,  forensics  procedures,  net¬ 
work  investigation  procedures,  man¬ 
aging  personnel,  legal  issues  and 
ongoing  personnel  training. 

—  Deborah  Radcliff 


storage-area  network. 

The  recovery  process  begins  with 
entry-level  technicians  checking  evi¬ 
dence  out  of  lockup. Then  they  create 
bit-stream  mirror  images  onto  cleaned 
hard  drives  to  prevent  contamination. 

They  make  the  copies  using  a  modi¬ 
fied  Linux  tool  dubbed  DCFL  Data 
Dump. The  tool  is  akin  to  private-sector 
imaging  tools  such  as  SafeBack,  which 
takes  a  mathematical  hash  of  the  image 
and  compares  it  to  the  original  hash  to 
prove  the  image  is  an  exact  replica. 

Grimes  and  misdemeanors 

The  busiest  unit  in  the  lab  is  Major 
Crimes  and  Safety  which  handles  crimi¬ 
nal  cases  involving  digital  media. The 
forensic  analysts  in  this  unit  work  in 
open  cubicles,  each  with  two  Windows 
2000  workstations,  one  to  search  the 
imaged  data  and  another  to  store  recov¬ 
ered  evidence  or  for  when  they’re  work¬ 
ing  two  cases  at  once. 

Renko  says  the  agency’s  extraction 
tools  work  in  a  forensically  sound  man¬ 
ner  across  computers  and  PDAs,  but 
become  problematic  when  it  comes  to 
cell  phones  and  pagers. 

“At  least  one  time,  we’ve  had  to  work 
directly  with  the  telephone  manufactur¬ 
er  to  successfully  retrieve  data,’’  he  says. 

For  computer  examinations,  the 
agency’s  standard  data  search  and 
extraction  suite  of  tools  is  called  iLook, 
which  is  licensed  by  the  Treasury 
Department.  A  private-sector  equivalent 
would  be  EnCase. 

Bill  (for  security  reasons,  analysts  are 
only  allowed  to  give  their  first  names) 
is  an  advanced  forensics  examiner  and 
former  metropolitan  detective  in 
Washington,  D.C.  He  explains  how  the 
tool  conducts  keyword  searches,  and 
reassembles  damaged  and  erased  files, 
e-mails,  attachments,  temporary  Inter¬ 
net  files,  data  files  and  renamed  files 
into  a  list  of  search¬ 
able  files. 

“Say  you  have  a 
contractor  using  sub¬ 
standard  explosive 
bolts,  which  are  criti¬ 
cal  to  pilot  safety 
because  they’re  what 
makes  the  cockpit  lid 
fly  off  in  an  emer¬ 
gency  ejection.  We 
know  the  cost  of 
quality  bolts  should 
be  about  $100.  We 
can  do  keyword 
searches  through 
their  accounting  sys¬ 
tems  on  ‘explosive 
bolts,’  to  see  what 
they’re  actually  pay¬ 
ing  for  them,”  Bill  says.“Or,  if  we  have  a 
child  porn  case,  we  can  order  up  a 
thumbnail  view  of  all  Internet  cached 
files  across  multiple  drives  to  see  what’s 
been  downloaded.” 

As  Bill  finishes  talking,  a  long  list 


of  files  appears  in  the  search  window 
of  his  workstation.  Six  suspicious  files 
are  highlighted  in  yellow,  indicating 
that  the  search  phrases  were  found  in 
those  files. 

Hardware  magicians 

Shortly  after  it  became  operational  in 


1998,  the  lab  received  a  classified  hard 
drive  that  seemed  impossibly  damaged. 
An  outside  firm  estimated  it  would  cost 
$250,000  to  repair.  Renko  balked. 

“We  figured  it  was  more  feasible  to 
train  our  own  people  to  repair  hard 


drives,"  Renko  says,  while  pointing  out 
lockers  where  evidence  is  stored  when 
not  being  processing. 

He  stops  in  a  small  room  with  two 
Plexiglas-enclosed  clean  areas  where 
technicians  have  soldered  mutilated 
floppies  and  repaired  hard  drives  that 
have  been  thrown  off  balconies  and 
even  shot  with  AK- 
47s,  as  in  one  recent 
battlefield  case.  The 
data  where  the  bullet 
holes  and  solder 
marks  are  can’t  be 
recovered,  but  the 
rest  can,  Zatyko  says. 

The  intrusion-analy¬ 
sis  squad  occupies 
the  rear  section  of 
the  lab,  where  exam¬ 
iners,  who  work  pri¬ 
marily  on  Linux  sys¬ 
tems,  investigate 
hacks  on  Defense 
Department 
networks. 

“Our  first  job  is  to 
find  out  how  the 
computer  was  intruded  upon  and  what 
data  was  accessed  by  the  intruder^ says 
“Sigj’who  was  recruited  from  his  job  as 
head  of  information  security  for  a  uni- 
versity.“For  the  information  assurance 
part,  we  tell  our  client  agencies  what 


DCFL  Case  file 

►The  watered-down  evidence 

If  you  watch  the  television  series  "CSI,”  you  might  think  forensics  work  is 
glamorous.  But  Melody,  a  forensics  video  examiner  who  used  to  work  for  a 
state  crime  lab  before  moving  to  the  DCFL,  says  it  can  be  highly  specialized 
and  very  tedious. 

Melody  works  with  state-of-the-art  video  analysis  software  programs  to 
enhance  marginal  and  damaged  video  images.  She's  received  melted,  crushed 
and  mangled  tapes  —  even  tapes  in  buckets  of  water  (for  example,  when  two 
aircraft  crashed  into  the  sea  during  a  training  session). 

“If  a  plane  goes  down  into  the  water,  I  request  that  the  training  tapes  be 
kept  in  water  until  they  get  to  me  where  I  can  dry  them  out  properly,”  she 
says.  "I  take  the  tape  out,  clean  it,  dry  it  and  put  it  back  together.The  safety 
board  needs  me  to  repair  these  tapes  so  they  can  determine  if  the  cause  of 
crash  was  a  training,  equipment  or  environmental  problem.” 
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their  entry  point  was  and  what  needs  to 
be  patched  to  protect  from  future  hacks.” 

Sig  pulls  up  an  advanced  tool  named 
Starlight.  A  multi-colored,  three-dimen¬ 
sional  map  pops  up:  Each  of  its  lines  rep¬ 
resent  a  separate  connection  made  into 
the  defense  network  and  each  color  rep¬ 
resenting  a  different  protocol. 

“We’ve  had  entire  underground  hacker 
ISPs  coming  at  us,”  Sig  explains.  Color-cod¬ 
ing  protocols  makes  it  easier  to  determine 
which  computer  is  sending  which  attack. 
“For  example,  the  exploit  in  this  case  ran 
over  HTTPS, so  we  color-coded  all  the 
HTTP  proxy  traffic  in  red. Then  we  can 
see  that  three  of  these  IPs  coming  at  us 
are  involved  in  that  type  of  traffic,”  he  says. 

In  this  case,  the  hackers  were  caught 
and  prosecuted,  and  the  entire  hacking 
group  disappeared  from  the  Internet 
underground,  he  says. 

As  examiners  trace  hackers  back  to  dif¬ 
ferent  hops  and  examine  those  boxes, 
they  run  into  new  variants  of  hacker  tools 
stored  on  those  computers  that  haven’t 
been  reported  by  tracking  services  such 
as  CERT  and  Bugtraq. 

DCFL:  Case  file 

►The  meandering  hubby 

A  man  called  911  to  report  that  he 
came  home  to  find  that  his  wife  had 
been  stabbed.  But  instead  of  saying, 

'Oh  my  God,  someone's  tried  to  kill  my 
wife,'  he  babbled  incoherently  on  the 
phone  for  15  minutes  while  his  wife  was 
bleeding  on  the  kitchen  floor. 

"Police  thought  his  reaction  wasn't 
normal,  and  they  wanted  to  know  what 
was  happening  during  the  911  call 
because  they  could  hear  noises  in  the 
background,"  says  Donald  Flynn, 
attorney  adviser  for  the  Defense 
Department’s  Cyber  Crime  Center  in 
which  the  DCFL  is  housed.  Were  those 
noises  the  sound  of  the  husband 
attacking  his  wife?  "Our  analysis  was 
able  to  prove  the  sounds  were  just  him 
walking  around  the  house  bumping  into 
things.Turns  out,  a  neighbor  did  stab  the 
woman.  She  later  recovered.” 


The  new  hacker  tools  are  added  to  the 
unit’s  malicious  logic  database,  which 
will  then  detect  them  if  they’re  used  in 
future  cases. 

Furthermore,  the  database  helps  ana¬ 
lysts  spot  similarities  when  multiple 
attacks  are  hitting  different  Defense 
Department  networks  at  the  same  time, 
indicative  of  a  large-scale  attack  by  one 
source.  Such  cases  are  then  reported  to 
the  Joint  Task  Force  on  Computer  Net¬ 
work  Operations. 

In  recent  months,  law  enforcement 
agents  from  Australia,  Canada,  Germany 
Hong  Kong,  Singapore,  the  U.K.and  other 
nations  have  toured  the  facility  to  better 
develop  their  own  cybercrime  units.  U.S. 
attorneys,  judges  and  law  enforcement 
agencies  also  frequently  call  for  technical 
clarification.  (For  example,  a  recent  call 
came  in  from  a  judge  who  needed  to 


know  the  difference  between  evidence 
recovered  from  a  cached  memory  vs.  evi¬ 
dence  found  in  a  file  on  the  hard  drive.) 

As  more  cases  involve  digital  evidence, 
the  need  for  sophisticated  digital  foren¬ 
sics  capability  throughout  the  legal  sys¬ 
tem  will  continue  to  grow,  says  Gail 
Thackery,  U.S.  Attorney  for  the  state  of 


Arizona. Thackery  has  prosecuted  a  num¬ 
ber  of  computer-related  crime  cases  and 
teaches  at  ACIS  International  Association 
of  Computer  Investigative  Specialists. 

“Fblice  used  to  worry  about  guns  and 
blood  and  chemical  evidence,  but  now 
every  case  in  America  has  a  computer  in¬ 
volved  in  it.The  legal  system  is  hungry  for  raddiff.com. 


experts  at  digital  evidence,” she  says. 

“So  computer  forensics  training  and 
careers  are  going  to  be  hot  for  a  long 
time,” she  adds. 

Raddiff  is  a  freelancer  writer  in  Cali¬ 
fornia.  She  can  be  reached  at  deb@ 
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Wireless  LAN? 

security  strategy?” 


that  already  carry  huge  data  loads?” 

"How  can  I  measure  my  real  TCO  and  Rol? 
More  important,  how  can  I  control  it?” 


Today  there’s  just  one  universal  truth  about  Wireless  LANs:  the  design,  management,  and  buying 
decisions  you  make  now  will  determine  the  effectiveness  of  your  enterprise  network  for  years  to 
come.  Which  is  the  top  reason  to  attend  Wireless  LANs:  Gaining  Strength,  Reaching  Farther, 
a  new  Network  World  Technology  Tour  event.  It  brings  together  the  intelligence,  innovations,  and 
solutions  you  need  to  move  confidently  forward. 

This  is  must-know  info.  Must-see  technology.  A  must-attend  event  you  cannot  afford  to  miss. 

While  attendance  is  free,  access  is  limited  to  network  professionals  who  reserve  in  advance. 

Register  now  and  gain  new  strength  and  greater  sophistication  for  the  future  of  your  Wireless  LANs. 

Advance  Reservation  by  Qualified  Professionals  is  Required  for 
Complimentary  Attendance 

Register  now  at  www.nwfusion.com/WLS4Al 
or  call  1-800-643-4668 
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To  join  sponsors  of  this  premier  Network  World  Event,  please  contact  Andrea  D'Amato  at  1  508-490*6520 
or  adamato@nww.com  for  free,  no-obligation  information. 
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Dell  hits  the  price/performance  mark 
with  new  Gigabit  Ethernet  switch 


BY  JOHN  BASS,  NETWORK  WORLD  LAB  ALLIANCE 


ith  the  outstanding  performance  numbers  and  extensive  feature  set 
offered  by  its  new  PowerConnect  6024  Layer  3  switch,  it’s  getting  easier  to 
hear  the  words  “Dell”  and  “Gigabit  Ethernet  switch”  in  the  same  sentence. 


3/8/04 


The  24-port  PowerConnect  6024  switch 
hit  the  streets  last  month  and  is  targeted 
for  data  center  server  connectivity,  wiring 
closet  aggregation  and  as  a  core  switch 
for  smaller  networks  or  branch  offices.  It 
features  serious  routing  protocol  sup¬ 
port,  physical  redundancy  quality  of  ser¬ 
vice  (QoS)  and  access  control  lists 
(ACL), all  for  about  $3,500.0ur  only  com¬ 
plaint  is  that  it  lacks  a  high-bandwidth 
stacking  backplane  that  would  improve 
its  overall  bandwidth  scalability 

The  switch  comprises  a  19-inch  box 
with  all  24  10/100/1000  ports  positioned 
on  the  front  of  the  unit.  For  administrative 
access,  it  has  a  serial  port,  but  it  also 
offers  a  10/100M  bit/sec  Ethernet  port  as 
an  optional  console  port.  This  alternate 
interface  is  much  faster  than  the  serial 
port  for  issuing  command-line  instruc¬ 
tions  and  means  you  don’t  have  to  dedi¬ 
cate  another  Gigabit  port  if  a  separate  ad¬ 
ministrative  network  is  mandated  for 
security  purposes. 

The  PowerConnect  6024  offers  a  typi¬ 
cal  bundle  of  Layer  2  features  including 
802. IQ  virtual  LAN  (VLAN)  support, 
802. lad  link  aggregation  support,  and 


OVERALt  RATING 


Results 


PowerConnect  6024 


Company:  Dell,  (800)  999-3355, 
www.dell.com  Cost:  $3,500.  Pros:  Great 
Layer  2  and  Layer  3  feature  sets;  excellent 
management  capabilities;  nearly  perfect 
performance.  Con:  No  stacking  features. 

Jhe  breakdown 

Performance  40%  4.5 
Configuration  and  management  30%  5 
Scalability  and  redundancy  20%  4 
Installation  and  documentation  10%  4 
TOTAL  SCORE  4.5 


standard  and  Rapid  Spanning  Tree 
capabilities.  At  Layer  3,  the  switch  sup¬ 
ports  Routing  Information  Protocol 
(RIP),  Open  Shortest  Path  First  (OSPF) 
and  Virtual  Redundant  Routing  Protocol 
(VRRP)  specs.  QoS  is  implemented  with 
eight  egress  queues  that  can  be  config¬ 
ured  with  strict  priority  or  Weighted 
Round  Robin  (WRR)  queue  servicing 
algorithms. 

Both  Layer  2  and  Layer  3  throughput 
tests  showed  near  wire-speed  perfor¬ 
mance  (See  How  we  did  it  at  www.nwfu 
sion.com,  DocFinder:  1023).  The  switch 
hit  99.3%  maximum  throughput.  At  7 
microsec  for  64-byte  packets  and  70 
microsec  for  1,518-byte  packets,  latency 
is  low  enough  to  support  most  enterprise 
applications. 

In  our  test  of  the  routing  features,  the 
PowerConnect  6024  handled  a  maximum 
of  2,050  RIP  routes  and  4,095  OSPF 
routes,  very  good  numbers  for  a  switch  of 
this  class.  Route  convergence  for  RIP  and 
OSPF  was  stable  and  adjusted  to  large 
changes  in  routing  information  with  ease. 

The  switch  can  implement  ACLs  based 
on  Ethernet  media  access  control 
address,  IP  address  and  TCP/User  Data¬ 
gram  Protocol  (UDP)  port  number.  As 
many  as  1,024  ACLs  can  be  configured 
within  the  switch  and  1,024  entries  can 
be  added  to  each  ACL.  We  didn’t  verify 
the  switch’s  ability  to  configure  1,024 
ACLs  with  1,024  entries  each  —  doing 
so  would  only  test  memory  con¬ 
straints.  But  we  did  configure  a  single 
ACL  with  1,024  entries, assign  that  ACL  to 
each  physical  interface,  and  run  Layer  3 
throughput  and  latency  tests.  Under 
these  conditions,  the  PowerConnect 
6024  only  reduced  its  throughput  to 
97.7%  for  64-byte  packets.  Latency  did 
not  change  significantly 

In  terms  of  QoS, the  PowerConnect  6024 
prioritizes  packets  based  on  802. Ip  prior¬ 
ity  values  or  differentiated  services  code 
point  (DSCP)  values.The  queue-servicing 
algorithm  can  be  configured  as  strict  pri¬ 
ority,  WRR  or  a  combination  of  both.  We 
tested  802.  Ip  and  DSCP  queuing  features 
and  found  that  the  queuing  algorithms 
operated  properly  for  both  strict  priority 
and  WRR. 


The  PowerConnect  6024  has  some  strong  features  such  as  routing  protocol  support,  physi¬ 
cal  redundancy,  quality  of  service  and  access  control  lists. 


Management 

Dell  offers  three  management  inter¬ 
faces:  a  Cisco-like  command-line  inter¬ 
face  (CL1)  accessible  via  the  serial  port 
or  via  Telnet;  its  own  Web-based  Open- 
Manage  Switch  Administrator;  and  the 
Dell  Network  Manager. 

The  Dell  OpenManage  Switch  Admini¬ 
strator  is  accessed  through  a  Web  brows¬ 
er  via  the  administrative  Ethernet  port  or 
a  configured  administrative  VLAN.  The 
Web  interface  was  responsive  and  easy 
to  use.  Configuring  and  viewing  large 
ACL  tables  was  easier  using  the  CLI. 

Dell  OpenManage  Network  Manager  ap¬ 
plication  — some  of  which  was  beta  code 
—  was  resource-intensive  and  slow,  but 
gives  a  lot  of  functionality  if  you  need  to 
manage  multiple  PowerConnect  switches. 

A  standard  edition  of  this  application 
can  be  downloaded  for  free  from  Dell’s 
Web  site,  but  the  company  offers  an 
advanced  edition  that  features  configura¬ 
tion  wizards  to  ease  the  setup  of  complex 
features  such  as  QoS  —  for  about  $5,000. 

The  PowerConnect  6024  has  three  con¬ 
figuration  files:  a  running  configuration 
file,  a  start-up  configuration  file  and  a 
back-up  configuration  file.  All  configura¬ 
tion  changes  must  be  copied  to  the  start¬ 
up  configuration  to  be  in  effect  after  a 
reboot.  If  there  are  problems  at  reboot,  a 
back-up  configuration  can  be  used  to 
back  out  of  a  network  change.These  con¬ 
figuration  files  can  be  moved  in  and  out 
of  the  switch  through  Trivial  FTP  The  files 
are  in  text  format  and  can  be  manipulat¬ 
ed  with  a  text  editor  outside  the  switch. 

The  PowerConnect  6024  can  hold  two 
software  image  files.  While  we  only  had 
one  image  to  work  with,  assuming  this 
feature  works,  backing  out  of  botched 
software  upgrades  should  be  fairly  easy 

The  reboot  time  for  the  switch  is  45 
seconds,  which  should  not  greatly  affect 
network  operations. 


The  PowerConnect  6024  includes  two 
built-in,  redundant  load-balancing  power 
supplies  and  two  redundant  system  fans. 
The  power  supplies  and  system  fans  are 
hot-swappable. 

It  also  has  link  aggregation  features 
(802. lad)  with  the  ability  to  configure  a 
maximum  of  seven  groups  with  seven 
links  per  group.  To  offer  redundant  rout¬ 
ing  features,  the  PowerConnect  6024  has 
VRRP  functionality  We  couldn’t  test 
802. lad  and  VRRP  capabilities  with  only 
one  switch. 

The  FbwerConnect  6024  doesn’t  have  a 
stackable  backplane  to  give  a  cluster  of 
switches  the  ability  to  scale  its  band¬ 
width.  Given  the  abundance  of  enter¬ 
prise-class  switch  features  in  the  Power¬ 
Connect  6024,  it  appears  that  high-speed 
stackability  should  be  the  next  frontier 
for  the  Dell  switch  product  line. 

Overall,  considering  the  PowerConnect 
6024’s  performance,  feature  set  and  man¬ 
agement  capabilities,  this  new  Dell 
switch  should  be  capable  of  supporting 
typical  enterprise-class  applications. 

Bass  is  a  senior  technical  staff  member  at 
North  Carolina  State  University's  Centen¬ 
nial  Networking  Labs  in  Raleigh,  N.C.  He 
can  be  reached  at  john_bass@ncsu 
.edu.  Chintan  Desai  and  Reza  Manavi  of 
CNL  assisted  with  the  testing. 
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CAREER  DEVELOPMENT 
PROJECT  MANAGEMENT 
BUSINESS  JUSTIFICATION 


Training  on  a  shoestring  budget 

IT  executives  share  smart  suggestions  for  boosting  IT  skills  without  breaking  the  bank. 


■  BY  LINDA  LEUNG 

Your  training  budget  probably  took  a  hit  in  the  IT  spending  squeeze, 
but  you’re  still  charged  with  providing  a  solid  IT  infrastructure  to 
ensure  your  company  stays  competitive. To  do  this,  your  staff  needs 
to  learn  how  to  innovate  with  existing  or  new  technologies. 

Standardize  your  IT  infrastructure  and  training. 

When  SBC  and  BellSouth  joined  forces  to  form  Atlanta-based  Cingular  in  2000,  the  com¬ 
pany  began  standardizing  on  technologies, such  as  databases,  which  has  helped  refine  its 
training  needs.The  company  also  has  defined  courses, such  as  project  management,  that 
are  applicable  to  staff  across  all  business  units.  Instead  of  each  unit  developing  its  own  pro¬ 
ject  management  courses,  for  example, 
training  needs  are  pulled  together  and 
courses  are  developed  so  that  all  depart¬ 
ments  can  share  the  results. 

Look  for  in-house  superstars. 

Who  else  are  experts  at  your  processes, 
infrastructures  and  developments  other 
than  your  in-house  staff?  At  lighting  man¬ 
ufacturer  Osram  Sylvania  of  Danvers, 

Mass.,  in-house  instructors  present  much 
of  its  training.  IT  staffers  are  responsible 
for  training  power  users  on  SAP.The  users 
in  turn  train  their  respective  teams. 

Osram’s  human  resources  executives  also 
provide  internal  training  to  IT  folks  on 
professional  development  and  leader¬ 
ship  management. 

“The  use  of  internal  instructors/subject 
matter  experts  makes  sense  because  who 
knows  how  we  use  SAP  better  than  our 
employees?” says  Ellen  Famigliette,  IT  train¬ 
ing  manager  at  Osram.  “Most  enterprise 
application  deployments  are  customized 
and  therefore  need  customized  training 
that  is  only  applicable  to  that  company.  In 
addition,  our  HR  trainers  understand  the 
hierarchy  of  employees  at  Osram.” 

Ask  your  big  brother  for  help. 

Ever  thought  about  how  you  could  roll  out  new  services  in  your  organization  without 
spending  a  dime  buying  all  the  necessary  equipment  and  technologies?  IT  staffers  at  the 
Career  Center  of  the  University  of  California  at  Los  Angeles  can  learn  about  and  work 
with  advanced  technologies  such  as  storage-area  networks,  Gigabit  Ethernet  and  Active 
Directory,  without  the  center  paying  to  install  such  applications  or  buying  specific 
courseware. 

Despite  budgetary  constraints  in  the  state  of  California,  Abel  Stephen,  the  centers  IT 
manager,  successfully  negotiated  for  the  larger  Office  of  Technology  Center  (OTC),  which 
offers  basic  networking  services  to  UCLAs  student  affairs  division,  to  provide  the  career 
center  with  the  advanced  technologies  listed  above.  This  initiative,  dubbed  Leveraged 
Outsourcing  of  Infrastructure  Support  (LOIS), helps  the  OTC  argue  for  the  maintenance  of 
its  budget  level  by  demonstrating  that  it  has  taken  on  wider  responsibilities. 


The  career  center  IT  staffers  benefit  because  they  can  work  with  and  learn  from  their 
OTC  colleagues  about  the  use  of  those  hot  technologies.“My  staff  are  rewarded  by  allow¬ 
ing  them  to  play  a  prominent  role  in  project-managing  each  implementation  phase  [of 
LOIS],”  Stephen  says.“Before,  my  staff  was  viewed  as  ‘tech  support.’  Now  they  will  have 
the  opportunity  to  transition  to  project  managers.” 

Negotiate  free  or  reduced-cost  training  from  your  vendors. 

“Every  vendor  wants  their  product  to  be  successful,  and  so  you  should  ask  them  to  help 
you  be  successful,”  says  Greg  Snooks,  director  of  IT  hardware  and  software  development 
at  Cingular.  He  says  companies  of  any  size  could  reduce  their  training  costs  by  a  mini¬ 
mum  of  20%  by  pressing  vendors  for  free  courses  or  training  credits.Snooks  advises  users 
to  buy  training  in  blocks,  instead  of  a  la  carte,  and  to  consider  bringing  the  instructors  to 
their  sites  so  they  can  train  more  people. 

Take  courses  online. 

You’re  probably  familiar  with  the  cost- 
benefits  of  online  training  over  classroom 
training  (no  travel  costs,  no  hotel/training 
rooms  or  catering)  but  computer-based 
instruction  is  not  suited  to  highly  techni¬ 
cal  training  that  requires  a  lot  of  interac¬ 
tion  between  instructor  and  student,  right? 
Not  necessarily,  as  Osram  demonstrates. 

The  lighting  manufacturer  has  taken 
offline  the  third  week  of  a  four-week  class¬ 
room-based  Six  Sigma  process-improve¬ 
ment  training  course  and  put  it  online. 
That  is,  the  students  —  Osram  process 
engineers  —  take  the  course’s  third  week 
on  their  computers  at  their  desks  using  a 
Web  conferencing  facility  from  Centra. 
The  facility  lets  them  interact  with  their 
instructor  and  colleagues  online. 

Steve  St.  Cyr,  quality  program  manager  at 
Osram’s  general  lighting  division,  chose  to 
place  that  particular  part  of  the  curricu¬ 
lum  online  because  it  involves  working 
with  software  that  is  easily  delivered  over 
online  training.  Putting  the  first  week 
online  was  not  a  good  idea  because  that 
time  is  crucial  for  the  students  and 
instructor  to  bond,  he  says. 

Osram  says  per  semester  it  trains  between 
20  and  30  process  engineers  from  its  20 
manufacturing  facilities  across  North  America  and  Mexico  on  the  Six  Sigma  methodology: 
The  company  says  it  has  saved  between  $32,000  and  $34,000  in  travel-related  costs. 

Sometimes  more  is  better  than  less. 

Consider  cross-training  your  team.  In  January,  Osram  made  available  100  e-learning 
courses,  including  Microsoft  Biz  Talk  Server  2000,  Visual  Basic,  Java  programmir  HTML, 
XML  and  a  range  of  Cisco  networking  courses,  to  its  100-plus  IT  staffing  roster.'!  V  courses 
are  not  meant  to  replace  instructor-led  training  but  to  encourage  people  to  train  for  dif¬ 
ferent  skills.  For  example,  a  programmer  could  try  his  hand  at  installing  Cisco  routers  or 
building  multi-layer  switched  networks  by  taking  a  course.  It  might  take  a  chunk  .  change 
to  buy  the  courses  and  put  them  online,  but  the  payback  of  having  a  team  of  >  ploy 
who  are  multi-disciplined  should  make  managers  happy  ■ 
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A  KVM  switch  allows  single  or  multiple  , :  ■  ,  : 

•  workstations  to  have  local  or  remote  access  to  . 

.  rbultfple  computers  located  in  server  rooms  or  ,  • ; 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


:  /.  tra^rtionafly,'prdVided  cost  savings  in  reducing 
,'  jenergy  artct. equipment  costs  while  freeing  up 

Recognized  as’ the  .pioneer  of  KVM  switch  .  |||{ 

..  tephnoiogy;. Rose  Electronics  offers  the  /  ■  i :  kg 

industry 's;rnost  comprehensive  rarigeof 
.  server  management  products  such  as  KVM 
switches,  extenders  and  remote  eiccess 
solutions^  Rose  Electronics  products  are 
knowrt  for  their  quality;  scalability,  ease  of  use 
and  fhnovatiye.technotogyi  !  v-  ■'  - 

'MC  ■  . 

Rose  EiecfrpniCs/is'privateiy'  held  with  world- 
'  headquarters  in  Houston,  Texas  and  sells  its 
-/  /products  worldwide  through  a  large  network  of 
Resellers  and  Distributors.  Rose  has 
operations  in  the  United  Kingdom,  Spain, 

Germany,  Benelux,  Singapore  and  Australia. 


Rose  Electronics 
10707  Stancllff  Road 
Houstpn,  Texas  77099 

ROSE  US  +281  933  7673 

ROSE  EUROPE  +44  (0)  1 264  850574 

ROSE  ASIA  +65  6324  2322 

ROSE  AUSTRALIA  +617  3388  1540 
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RaekView™ 

KVM  RACK  DRAWER  WITH  KVM  SWITCH  OPTION 


UltraMatrix  Remote 

REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

High  quality  video  up  to  1280  x  1024 
Scaling,  scrolling,  and  auto-size  features 
Secure  encrypted  operation  with  login  and  computer 
access  control 

Advanced  visual  interface  (AVI) 

No  need  to  power  down  servers  to  install 
Free  lifetime  upgrade  of  firmware 
Available  in  several  models 
Easy  to  expand 


UltraConsoie 

PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 

•  Connects  up  to  1000  computers  to  a  KVM  station 

•  Models  for  4,  8,16  computers 

•  Advanced  visual  interface  (AVI) 

•  Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 

•  Connects  to  PS/2,  Sun,  USB,  or  serial  devices 

•  Converts  RS232  serial  to  VGA  and  PS/2  keyboard 

•  Free  lifetime  upgrade  of  firmware 

•  Security  features  prevent  unauthorized  access 

•  Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 
simultaneous  booting 

•  Easy  to  expand 


800  333  9343 

WWW.ROSE.COM 


Who’s  Protecting 
Your  Network? 


GTA's  Firewall  Team 

Tough  Network  Security 

✓  Building  Firewalls  for  over  10  years 

✓  ICSA  4.0  Corporate  Certification 

✓  5  appliances  to  match  your  network  needs 

✓  Easy,  Flexible  Implementation  Options 

✓  IPSecVPN 

✓  Affordable  pricing 


•  T  T 


Global 
Technology 
Associates,  Inc. 


1-800-775-4GTA  •  www.gta.com  •  info@gta.com 
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Fingerprint  Authentication  Scanner 

AlterPatOio 


Enterprise  KVM  Solutions  Advanced  Console  Servers  Network  Management  Gateway 

AlterPath,MKVM  AlterPath™ACS  AlterPath™  Manager 

Cyclades’  data  center  management  solutions  offer  a  full  range 
of  security  features  across  its  entire  product  line  of  console  servers, 
power  management,  KVM,  biometric  scanner  and  network  management 
With  SSH  v2,  IP  Filtering,  strong  authentication,  event  logging  and 
data  logging,  Cyclades  can  make  your  network  into  a  secure 
heavyweight  contender  in  the  data  center  world. 

LINUX 


Intelligent  Power  Distribution  Units 

AlterPath,MPM 


For  a  FREE  white  paper  on  data  center  security,  please  visit  us  at  www.cyclades.com/securitywp 
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Servers,  routers,  and  other  electronic  equipment  sometimes 
“lock-up,”  often  requiring  a  service  call  to  a  remote  site  just  to  flip 
the  power  switch  to  perform  a  simple  reboot... 

The  NBB  “Mini”  Boot  Bar  Power  Switch,  gives  you  the  ability  to 
perform  this  function  from  anywhere! 

m  Web  Browser  Access  for  Easy  Operation 
B  Telnet  and  Serial  Access 
a  Encrypted  Password  Security 
B  Five  individual  Outlets 
H  Power-up  Sequencing 
m  On  /  Off  /  Reboot  Switching 
B  Versatile  Zero  U  Mounting 
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NETWORK  BOOT  BAR 


LOCATION:  NBB  live  Demo  Unit 
SWITCH  PANEL 


Firmware  Version:  1.01 
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Fewer  ewer  the  I  iternet.. 


western  telematic  incorporated 

5  Sterling  •  Irvine  •  California  926  1  8-25  1  7 


"Keeping  the  Net.. .Working!" 


Anywhere,  Anytime  Secure 
Console  Port  Management 


c  2004  Avocent  Corporation  Equinox  and  AVWorks  are  trademarks  or  registered  trademarks  of  Avocent  Corporation  or  its  affiliates.  All  other  marks  are  the  property  of  their  respective  owners. 


Available  in  8  and 
16-port  models. 

Call  for  more  details 
on  48-port  model. 


Windows  Server 
Unix  Server 
Switch 
Router 


Serial 


CCM1640 


Dial  Access  Client 


CCM  solutions  include: 


Telnet 


Client 


SSH 


Client 


AVWorks 


Client 


SSH  v2/Telnet  host 
Strong  authentication 
Offline  buffering 
SUN  break  safe 
In/out  of  band  access 
Point  and  click  access 


With  the  CCM  you  can: 


Be  organized 
Tighten  security 
Manage  users 
Establish  permissions 
Be  proactive 
Log  critical  events 


Local  Terminal 


product  evaluation,  call  1-800-275-3500  ext.  247  or  954-746-9000  ext.  247 


EQUINOX* 


an  Avocent  Company 


AVWorks™  management  software  and 
the.  CCM  console  manager  integrate 
with  Avocent's  KVM  over  IP  switches 
and  intelligent  power  controllers  to 
offer  total  data  center  management 
from  a  single  application. 


When  business  critical  servers  or  networks 
malfunction,  the  Equinox  CCM  console 
manager  gives  you  the  tools  to  securely 
and  quickly  restore  normal  functionality. 


Power  Devices  In  Rack 

Control 


Linux  Server 


Download  your  free  guide! 

8  Key  Reasons  Why  Administrators 
Rely  on  Console  Port  Management 
Solutions  at  www.equinox.com/ccm4 


For  a  30-day 


Reading  someone  else’s  copy  of 

NetworkWorld 


NetworkWorld 


Microsoft  users 


Apply  for  your  own 
subscription  today 

subscribenw.com/b03 


FREE  subscription 
(51  Issues) 


Apply  online  at: 

subscribenw.com/b03 


subscribenw.com/b03 

Apply  for  your 

FREE 

Network  World 
subscription  today! 
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buyuptime.  com 


Your  One-Stop  Shop  for  high  availability  products 


Network  Cables 

Cisco  and  Fiber 
Cabling 

Printer,  Modem 
VGA  Cables 
and  Adapters 

Enclosures 

Enclosure 

Accessories 

Power  Adapters 
Cooling  Solutions- 
Laptop  Accessories 


Rack  Accessories 

Power  Distribution 

Devices 

Security  Hardware 
Surge  Protectors 

UPS  Cables  and 

Accessories 

UPS  Management 
Peripherals 

UPS  Management 
Software 

UPS  Replacement 
Batteries 


High  Availability  Made  Easy  . . . . . 

BuyUptime.com  is  a  leading  supplier  of  end-to-end  UPS  power,  thermal  cooling,  and  management  solutions. 
Visit  us  today  to  find  the  high  availability  solution  that  is  right  for  you. 

Power  Protection  and  Management  Solutions! 

Starting  at ^ 

49*  ]  Power  Protection  Solutions  for 

Desktops  and  Server  Applications 


i$ 


•  Protects  your  hardware  and  data  by  supplying 
quality-grade  battery  back-up  power 

•  Robust  diagnostics  allow  network  administrators 
to  solve  problems  before  they  happen 

•  Protects  anything  from  desktops  and  single 
servers  to  fully  populated  racks 

Includes  Power  Management  software  with  purchase 
(excludes  refurbished  units) 


Network  Power  Management 
Accessories 


•  Power  Distribution  Units  -  metered  outlet 
strips  for  racks/enclosures  provide  alarm 
thresholds,  toolless  mounting  abilities 


•  ChargeUPS  -  APC  premium  Replacement  Battery  Unit 
with  2  year  warranty  extension  on  battery  and  UPS, 
plus  FREE  software  upgrade 

•  RBC  -  APC  premium 
Replacement  Battery 
Cartridges 

•Prices  include  standard  shipping 


Order  via  our  promo  page  and  save 

Visit  http://promo.buyuptime.com 
and  enter  Key  Code:  p988y 


Or  Call  Toll  Free: 

1-888-288-8843  to  order. 

Fax:(877)411-2080  •  e-mail :sales@buyuptime. com 

801  Corporate  Centre  Drive,  St.  Charles,  MO  63304  •  BY4A3EP-US 

©2004  Systems  Enhancement  Corp. 

All  Trademarks  are  the  property  of  their  owners. 


Custom  Management  Levels 


OBSERVER 


Remote  &  Hardware  Options 


Decode  over  500  protocols 
Long-term  network  trending  &  analysis 
Real-time  statistics 


REMOTE  NETWORKING  PROBES 

•  Fully  distributed 

•  Monitor  up  to  64  NICs  simultaneously 

•  New  levels  of  problem  solving  collaboration 


EXPERT  OBSERVER 


What-lf  Modeling  Analysis 
Expert  Analysis 
Connection  Dynamics 


GIGABIT  &  WAN  HARDWARE  OPTIONS 

•  Portable  analyzer  systems 

•  Rack-mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 


OBSERVER  SUITE 


Complete  SNMP  device  management 
Supports  full  RM0N1,  RM0N2.  HCRM0N 
Web  Publishing  Reports 


US  &  Canada  Toll  free:  (800)  526-5958  •  Fax:  (952)  932-9545  •  UK  &  Europe:  +44  (0)  1959  569880 

•  One  Network  Complete  Control  Wired  to  Wireless  •  LAN  to  WAN 


NETWORK 

INSTRUMENTS 


OBSERVER 
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HAPPEN. 


www.networkinstrumpnts.com/nine 

©  2004  Network  Instruments.  LLC.  All  rights  reserved.  Observe  Rrawork  Instruments  and  the 
Network  Instruments  logo  are  registered  trademarks  o!  Network  Instruments,  U.C 


Introducing  Observer  9.0 

•  New  Application  Analysis 

•  Remote  probes  now  provide  multi-interface  and 
multi-session  support 

•  Industry-first  4GB  packet  capture  butter 

•  Wireless  Site  Survey  Modes 

•  Nanosecond  resolution 

•  Now  over  450  Expert  Events 

•  SNMP,  RM0N  and  now  HCRMON  support 


Test-drive  the  new  Observer  9.0  today  and  see  how  it  immediately 
finds  problems  you  didn’t  know  you  had,  optimizes  network  traffic 
and  provides  insight  for  future  planning.  Call  800-526-5958  for 
a  full  featured  evaluation  or  visit  our  website  at 

www.networkinstruments.com/nine 
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10/100  BaseT  Ethernet 

IP  for  HTML,  SNMP  S 
Telnet  Management 


RS-232 

Serial  Management 


Link  Port 

(daisy  chains  to) 

Expansion  Module 


SERVER 


SERVER 


SERVER 


SERVER 


SERVER 


SERVER 


Power  Control 

t 


U  Power 
snt  Over  IP 


Power  Tower  XL 

•  Outlet  Grouping  across 
power  circuits 

•  Input  Current  Monitor 

•  New  HTML  GUI 

•  Power-up  Sequencing 

•  Zero  U  vertical  and  Rack- 
mount  horizontal  models 

•‘j  n 

•  Add  a  second  Power  Tower 
to  manage  32  power-ports 


Sentry  Power  Tower. 
Equipment  Cabinet  Solutions 


Server  Technology,  Inc.  =2 

1040  Sandhill  Drive  Reno,  Nevada  89511  USA 
web:  www.servertech.com  toll  free:  1.800.835.1515 


SENSAPHONE® 

IMS 


Sends  Monitors  Embedded 

SNMP  64  Web 

Messages  IP  addresses  Server 


Sends 

E-Mail 


Power  Internal 

Outage  UPS 

Alarming 


„...,MS-aoao 

Tiaiat 


71 


Power 

Control 

Interface 


Ethernet 

Port 


Internal  Voice, 
Modem 
&  Pager  Port 


8  R|-45  Sensor  Inputs 

(Temperature,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 


Microphone 

for  Sound 
Monitoring 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


- 

Phonetics,  Inc. 

Tel:  877-373-2700 

901  Tryens  Road 

www.ims-4000.com 

Aston,  PA  19014 

,0AS  •  cobalt 


W  WW,  R  E  C  UR  RENT.  C  O  M 


Systems/Features/Memory 

Cl‘  O 


GBlCs/Cables/Parts 

Also  Available:  Extreme,  Adtran 

In  Stock  •  Fast  Delivery  •  No  Expedite  Charges 

COMSTAR,  INC. 

The  #7  Network  Remarketer 

952*835*5502 

Fax  952*835«1927  www.comstarinc.com 
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J  Flow.  DMCMM 


RACAL 


Commurut sting  through  trthnoloqr 


If  it’s  on  the  K  !  WORLDWIDE  PROVIDER 

network,-*  *•  *  OF  NETWORK 

vye’ijre  got  it!  ■  |[  HARDWARE 

{  SINCE  1981! 

•  NetWork  Hardware 


THE  NETWORK  SPECIALISTS 

WRCA.NET 


Memory 


A 


Accessories  ^J| 

sales® wrca.net  -  (800)699-9722x102 


NetworkWorld 

THE  HUB  OF  THE  NETWORK  BUY 
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In  business  since  1989,  ASA  builds 
custom  computing  and  storage  solutions 
compatible  with  open-source  OS  (BSD,  Linux)  and 
'also  Solaris  and  Windows.  ASA  has  always  enjoyed  strong 
financial  stability  and  a  loyal  customer  base. 


ASA  Custom  Servers  and  Storage 

www.asacomputers.com  •  866-382-5263 

2354  Calle  Del  Mundo,  Santa  Clara,  CA  95054 

For  detailsAnquiries/customization  email  sales@asacomputers.com 

All  systems  are  pre-loaded  with  any  Ljnux/BSD  version/distribution  of  your  choice.  On-site  warranty,  cross-ship  options  available. 


MINI  SUPER  For  Clusters 


1U  14’  Depth 

1  of  2  Intel®  Xeon™  processors  2.4  GHz 

$1249 

Serial.  VGA.  USB  2.0,  Mouse.  Keyboard 

All  ports  Front  Accessible 

- - - y 

1  x  10/100.  1  x  Gigabit  LAN 

ST  jlllMi  •  •  ;j.,  jjjjj 

51 2  MB  DDR  ECC  (Max  8  GB) 

Options:  CD.  Floppy 

' - 

NO-FRILLS  STORAGE  SERVER 


$12,199 


6  TB  IDE/SATA  storage  in  5U  ! 

Dual  Intel©  Xeon™  processors  2.4  GHz 
512  MB  DDR  ECC  (Max  8  GB) 

6  TB  IDE  Raid  Storage 
Dual  Gigabit  LAN,  CD 

Options:  Serial  ATA  Drives.  Firewire,  DVD±RW, 
CDRW,  64-bit  OS  configuration,  Additional  LAN, 
Floppy.  Fiber  Gigabit 


8  HOT-SWAP  BAYS  IN  2U 


OU  WANT  COMPLETE  VISIBILITY. 


rmonTR 


MAKE  IT  HAPPEN. 


Remote  Monitoring  Solutions 

RMON  and  HCRMON  Probes 

You  want  remote  monitoring  solutions  for  visibility  into  every  part  of  your  network.  With 
RMON  and  HCRMON  Probes  from  Network  Instruments,  it’s  easy.  Convert  any  PC  into  a 
complete  remote  network  monitoring  data  collection  device.  Use  the  RMON  appliance 
(available  in  1U  and  4U  systems)  for  a  full  turn-key  solution.  Call  800-526-7919  for  more 
information  or  visit  our  website  at  www.networkinstruments.com/RMON. 


Full  compliance  with  RM0N1.  RM0N2  and  HCRMON 
High  capacity  RMON  Probes  provide  full-duplex  Gigabit 
capture  compatible  with  any  RMON  management  console  or 
collection  facility  (Observer*.  OpenView,  Concord 


NetScout’,  Micromuse"') 


Complete,  industry  standard,  software-based  probes  for 


Windows  2000/XP 


Software  based,  non-dedicated  data  collection 


Compatible  with  Network  Instruments'  optimized  ErrorTrak1,,! 


NDIS  drivers,  which  display  true  errors-by-station. 


One  Network  Complete  Control 


Wired  to  Wireless  •  LAN  to  WAN 


NETWORK* 
INSTRUMENTS 

US  &  Canada:  (952)  932-9899 

Toll  free:  (800)526-7919 

UK  &  Europe:  +44  (0)  1959  569880 


OBSERVER 


•  OBSERVE  ft' 

MpRobe 


O  2003  Network  Instruments,  LLC  All  nghts  reserved  Network  Instruments.  Observer.  ErrorTrak  and  the  Network  Instruments  logo  are  trademarks 
or  registered  trademarks  of  Network  Instruments.  LLC  All  other  trademarks,  registered  or  unregistered,  are  sole  property  of  their  respective  owners 


Stop  juggling  with 


ManageEngine” 

OpManager 

Network,  Systems  and  Application  Management 


Take  control  of  your  network,  systems  and  application 
infrastructure  before  it  controls  you.  OpManager  provides 
integrated  management  for  IT  infrastructure. 

Move  to  integrated  management  Try  OpManager  today... 


Available  for  Linux,  Solaris  and  Windows 


it  careers.com 


Project  Manager  Duties  include: 
Plan,  direct,  and  coordinate 
activities  of  complex  web  appli¬ 
cation  projects  for  both  in-house 
systems  and  outfacing  e-com- 
merce  marketing  and  business 
applications.  PM  will  identify 
business  targets  and  opportuni¬ 
ties  for  insurance  products  and 
financial  services:  design  and 
coordinate  development  of  web 
applications  for  target  markets; 
and  maintain,  troubleshoot  and 
enhance  existing  business  web 
applications.  PM  will  use  strong 
understanding  of  business  oper¬ 
ations  management,  financial 
and  marketing  communications 
theory  along  with  a  working 
knowledge  of  computer  systems 
design,  web  based  applications 
development.  programming 
tools  to  develop  e-commerce 
solutions  for  financial  and  insur¬ 
ance  products.  Daiiy  duties  may 
include:  review  and  formulate 
systems  scope  and  project 
objectives:  identify  role  and 
function  of  each  team  member; 
effectively  coordinate  the  activi¬ 
ties  of  the  team  and  project; 
identifying  appropriate  resource 
required;  communicate  and  con¬ 
sult  with  programmers,  systems 
analyst,  database  developers; 
create  and  review  status  reports; 
coordinate  project  activities  with 
activities  of  government  regula¬ 
tory  or  other  governmental 
agencies  where  required.  Min. 
Reqt's:  BS/BA  (foreign  equiva¬ 
lent  accepted)  in  Business, 
Marketing,  Operations  Manage¬ 
ment  or  MIS  and  2  yrs  experi¬ 
ence  in  job  offered  or  a  related 
occupation  (i.e.  e-commerce 
project  management  or  market¬ 
ing  communications  experi¬ 
ence).  MUST  also  possess:  (1) 
Demonstrated  experience  with 
Marketing  communications  pro¬ 
jects  involving  insurance  and 
financial  services  and  products; 
(2)  Strong  working  knowledge  of 
general  computer  systems 
design,  web  application  design, 
database  structure,  and  pro¬ 
gramming;  and  (3)  Dem¬ 
onstrated  knowledge  and  expe¬ 
rience  using  marketing,  finance 
and  iterative  project  manage¬ 
ment  methodologies  and  con¬ 
cepts  for  developing  e-com- 
merce  web  applications.  Basic 
pay  is  $80,404  per  year  FT  and 
standard  company  benefits. 
EEO.  Submit  2  resumes  and 
respond  to  Case  No.  2002- 
03499.  Division  of  Career 
Services,  Alien  Labor 
Certification  Unit,  19  Staniford 
Street,  1st  Floor,  Boston,  MA 
02114. 


Senior  Software  Engineer 
sought  in  Boston,  Massa¬ 
chusetts  area  for  development 
of  internet  based  software  for 
financial  and  administrative 
functions  of  healthcare  organi¬ 
zations.  Requirements  are 
Bachelor's  degree  in  engineer¬ 
ing  or  the  equivalent,  and  two 
years  experience  in  VB  / 
VBScript,  Java/JavaScript,  SQL 
Server,  System  Domain  admin¬ 
istration,  HTML/XML,  relational 
databases,  IIS,  networking, 
client/server,  Nt4. 0/2000,  and 
Microsoft  development  tools. 
Send  applications  to  Rec¬ 
ruitment,  Req  No.  2083,  P.O. 
Box  1070,  Burlington,  Vermont 
05402-1070 


DATABASE  DESIGN  ANA¬ 
LYST  sought  by  surgical 
clinic  in  Houston,  TX.  Must 
have  degree  &  exp. 
Respond  by  resume  only  to 
Exec.  Director,  L/H  -  #10, 
Town  &  Country  Plastic 
Surgery,  10565  Katy  Frwy, 
Ste  100,  Houston,  TX 
77024. 


IS  SYS.  STAFF  ANALYST 

Apply  knowledge  of  Siebel  prog, 
techniques  &  comp.  sys.  to  plan, 
dvlp,  test,  implement  &  docu¬ 
ment  comp,  progs.  Eval.  user 
requests  for  new  or  modified 
progs.  Make  site  visits  to  gather 
info.  &  analyze  sys.  reqmnts. 
Consult  w/users  to  identify  oper¬ 
ating  procedures,  clarify  pro¬ 
gram  objectives  &  leverage  fun¬ 
ctionality  of  Siebel  software  to 
address  critical  reqmnts.  Apply 
knowledge  of  industry  best-prac¬ 
tices  while  configuring  the  Sieb¬ 
el  software  &  dsgng  enhance¬ 
ments  to  optimize  processes. 
Utilize  all  components  of  Siebel 
dvlpmnt  environment  to  combine 
pre-dvlpd  software  objects  with 
customized  programming  to 
generate  applns  that  are  highly 
integrated  with  Siebel  sys.  Over¬ 
see  installation  of  hardware  & 
software.  Train  &  provide  tech, 
support  to  users  of  Siebel  prog. 
Monitor  performance  of  sys. 
after  installation.  Carry  out  pro¬ 
gramming.  debugging  &  trou¬ 
bleshooting,  as  weil  as  complete 
description  code  of  IDOC  & 
BAPI  Excel  based  on  SAP  R/3. 
Master's  deg.  in  Project,  Constr. 
or  IS  Mgmt  or  Comp.  Sci.  reqd  + 
2  yrs  exp.  in  position  offered  or 
in  Comp.  Sci.,  Bus.,  Constr. 
Mgmt  or  Math.  Must  have  exp. 
converting  applns  to  SAP  R/3 
software  (incl.  CO,  HR,  PP,  PI, 
MM  &  SD  modules)  utilizing 
Oracle,  ABAP/4,  BAPI  Excel  & 
Siebel  7/2000  computer  tools). 
High  mobility  preferred.  40  hrs/ 
wk.  OT  as  reqd,  8am  -  5pm, 
$68,000/yr.  Qualified  applicants 
submit  resumes  to:  Fayette 
County  CareerLink,  Attn:  Caree- 
rLink  Program  Supervisor,  135 
Waylan  Smith  Drive,  Uniontown, 
PA  15401.  Please  refer  to  Job 
Order  No.  396465. 


PM  software  projs.  -  Java,  C++, 
VB,  ASP,  PB,  Oracle,  Sybase. 
Utilize  RUP.  Critique  codes  in 
J2EE  (EJB,  JMS,  JNDI),  & 
OOAD.  Full  life  cycle  dev.:  sys¬ 
tem  anal.,  concept,  design,  pro¬ 
totype,  document,  implement, 
coordinate,  plan,  code,  test, 
budget  &  estimate.  Create/ 
maint.  proj.  plan  of  tasks/  sched¬ 
ule.  Interface  w/  client,  updates, 
&  channel  all  new  reqs ./  change 
requests  to  develop,  team. 
Budget  Ctrl.,  bills  &  collection. 
Present  resource  issues,  perf., 
client  concerns  &  status  to  inter¬ 
nal  mgmt.  Get  client's  b/z 
needs,  build  prof,  relationships, 
&  new  sales.  Comply  w/  SEI 
CMM  Level  5  QA  guide.  BS  in 
Comp.  Apps  +  5  yrs.  exp.  in  job 
duties  +  3  yrs.  QA  exp.  in  SEI 
CMM  level  5.  Comp,  salary. 
Apply:  Core  Concept,  1000 
Abernathy  Rd„  #1010,  Atlanta, 
GA  30328  with  proof  of  perm. 
Work  authzn. 


Applications  Programmer 
for  NE  OH  to  analyze  user 
req.,  procedures  &  prob¬ 
lems  to  automate  process¬ 
ing/improve  existing  com¬ 
puter  system;  troubleshoot; 
eval.  existing  IS  for  effec¬ 
tiveness.  Bachelor's  Deg¬ 
ree  in  Information  Systems. 
Resumes  to:  HR,  Custom 
System  Company,  6670  W. 
Snowville  Rd.  Cleveland, 
OH  44141.  EOE.  No  calls. 


Seeking  qualified  applicants  for 
the  following  positions  in  Orlando, 
FL:  Senior  Programmer  Analyst. 
Formulate/define  functional  req¬ 
uirements  and  documentation 
based  on  accepted  user  criteria. 
Requirements:  Bachelor's  degree 
or  equivalent*  in  computer  sci¬ 
ence,  MIS,  mathematics,  engi¬ 
neering  or  related  field  plus  5 
years  of  experience  in  systems/ 
applications  development.  Exp¬ 
erience  with  C  and/or  C++,  Java 
and  RDBMS  also  required. 
"Master's  degree  in  appropriate 
field  will  offset  2  years  of  general 
experience.  Submit  resumes  to 
Sibi  George,  FedEx  Corporate 
Services,  1900  Summit  Tower 
Blvd.,  Suite  1400.  Orlando,  FL 
32810.  EOE  M/F/D/V. 


SOFTWARE  ENGINEER  to  pro¬ 
vide  on-site  consultancy  in 
design,  development,  cus¬ 
tomization,  testing  and  mainte¬ 
nance  of  e-commerce  web- 
enabled  applications  software 
using  .Net,  CSharp,  ASP, 
ADO. Net,  ActiveX,  COM/DCOM, 
HTML/DHTML,  XML,  MTS,  IIS, 
PL/SQL,  Rational  Rose,  VB  and 
related  technologies;  provide 
software  support  on  Windows 
2000,  Internet  Information 
Server,  Oracle  and  SQL  Server. 
Require:  Bachelor  (or  equiva¬ 
lent)  in  Management  Information 
Systems/Computer  Science  with 
five  years  experience  in  the  job 
offered  or  any  experience  pro¬ 
viding  skills  in  described  duties. 
40%  travel  required  to  client 
sites  within  the  United  States. 
Salary:  $65,000  per  year,  40- 
hour/week,  9  am  to  5:30  pm,  M- 
F.  Apply  with  resume  to: 
President,  K2  Technologies, 
Inc.,  2107  Franklin  Drive, 
Papillion,  NE  68133. 


Software  Engineer:  Design, 
code,  customize  &  integrate  s/w 
components  into  wireless  prod¬ 
ucts.  Design  &  develop  applica¬ 
tion  level  s/w  for  Bluetooth  pro¬ 
files,  IrDA,  USB  connectivity 
modules  using  C,  C++.  Develop 
applications  that  communicate 
with  non-PC  network  products 
such  as  digital  handsets,  PDAs 
and  commercial  test  equipment. 
Bach's  deg  in  Comp  Sci, 
Physics  or  Elec  Engrg  reqd  +  1 
yr  exp  in  job  offered.  Send 
resume  to  Panasonic  Mobile, 
1225  Northbrook  Parkway,  Suite 
2-330,  Suwanee,  GA  30024, 
Attn:  Debbie  Greer,  PL. 


Programmer  Analysts  -  Design, 
Develop  and  Maintain 
Enterprise,  Web,  and  Portal 
applications  in  Java  and/or  VB 
Database  Administrators 
Oracle  DBA  activities, 
logical/physical  design  of  data¬ 
base. 

Software  Engineers  -  Prepare 
report  design,  functional,  pro¬ 
gram  specifications  &  deploy 
using  Brio  Enterprise  Server  6.5 
and  ETL  development.Min  Edu- 
Bachelor's  Degree  or  equi,  Min 
Exp-2  yrs.  Job  may  involve 
working  at  various  locations 
throughout  the  US.  Please  send 
resumes  to  Attn:  HR, 

Tekessence  Inc  .  1001  Office 
Park  Road,  Suite#107  West  Des 
Moines,  IOWA  50265 


Information  Management  Res¬ 
earch  seeks  applicants  for  the 
position  of  Computer  Systems 
Analyst  in  Englewood,  CO  to 
design  and  perform  quality 
assurance  testing  on  document 
management  software  products 
customized  for  Japanese  and 
other  international  customers. 
Requirements  for  the  position 
include  a  bachelor's  in  computer 
science,  computer  engineering 
or  closely  related  field  and  work¬ 
ing  knowledge  in  testing  docu¬ 
ment  management  products  and 
in  Alchemy  and  Microsoft  Frame 
Works.  Respond  by  resume  to 
Peter  Galligan,  Information 
Management  Research,  6025  S. 
Quebec  St.,  #260,  Englewood, 
CO  80111. 


Programmer  Analyst  need¬ 
ed  w/exp  in  web  applica¬ 
tions  using  J2EE,  C++, 
Windows  NT,  Unix,  Oracle 
Suite  products,  customiz¬ 
ing  records,  panels,  pages 
&  menus  using  Peoplesoft 
HRMS,  Peoplecode,  SQR, 
People  Tools,  SQL  & 
Oracle  environment.  Mail 
resumes  to;  Compu-lnfo, 
410  Kingston  Road,  #2A, 
West  Kingston,  Rl  02892. 


Turing  Consultants,  Palantine,  IL 
based  IT  company  has  multiple 
openings  for  exp'd  Computer 
Professionals  w/relevant  educ. 
&  exp.  to  analyze,  devlp.  sprt, 
test,  maintain  IT  projects  w/fol- 
lowing  skills:  VB,  VB  Script,  Perl, 
Erwin,  COBOL.  PL/SQL,  C, 
C++,  VC++,  I  Planet,  ASP.  Web 
techn.:  HTML,  DHTML,  XML, 
UML,  Websphere,  Weblogic,  E- 
business  intelligence,  GUI  tools, 
ORACLE-RDBMS,  ASP.  JAVA 
Technologies,  (JDBC,  J2EE, 
EJB,  Java  Script).  Operating 
systems:  Sun  Solaris,  Unix, 
Linux,  Rational  Rose,  Crystal 
Reports,  PowerBuilder.  Offering 
top  $$+bnfts.  40%  travelling  to 
client  sites  req'd.  Resumes  to: 
1024  N,  Cardinal  Drive, 
Palantine,  IL  60074. 


Computer  Programmer  Analyst 
Full  time  position  to  work  as 
Computer  Programmer  Analyst, 
needs  knowledge  of  Business 
Intelligence  tools  (Brio,  Business 
Objects,  Cognos),  data  ware¬ 
housing  and  data  mining  con¬ 
cepts,  Enterprise  reporting,  ex¬ 
perience  in  Customer  relation¬ 
ship  management,  Siebel,  profi¬ 
ciency  in  programming,  SQR, 
Java,  PL/SQL,  C  ++  and  famil¬ 
iarity  with  one  of  the  relational 
databases  Oracle  or  Sybase, 
automated  testing  tools  like  mer¬ 
cury/rational.  Requires  Bachel¬ 
or's  degree  in  Engineering  or  CS 
or  CIS  or  equivalent  and  2  years 
of  experience  in  the  job  offered. 
Applicants  send  resume  to 
Pyramid  Consulting  Inc,  8665 
Providence  Drive,  Noblesville, 
IN  46060. 


CGI  Inform.  Sys  &  Management 
Consultants,  Inc.  is  looking  for 
Sr.  IT  Consultant  to  develop  web 
portal  applications  using  Oracle 
9IAS,  data  warehouse  using 
pi/sql,  reports6l  &  discoverer. 
Min.  MS  plus  exp.  of  Oracle 
X/8/9,  9IAS,  PL/SQL.  Java¬ 
Script.  Contact  lisa.halter@ 
cai.com.  No  calls.  EOE 

Innovative  Consulting  is  looking 
for  program  or  system  analysts, 
IT  engineers.  Candidate  must 
have  BS/MS  degree.  Travel  is 
required  for  some  positions. 
Skills  in  C/C++,  VB,  Oracle, 
SQL,  SAP,  WebSphere,  Java 
are  plus.  Good  salary.  Please 
send  resumes  to  info@icscorp 
usa.com.  EOE 


Network  Project  Coordinator:  for 
Healthcare  Mgt.  S/ware  dvlpmt. 
Effect  cross-cultural  communi¬ 
cation  in-house  &  for  out¬ 
sourced  s/ware  projects.  Intense 
client/vendor  (India)  liaison/con¬ 
sulting  expected.  Analyze  med¬ 
ical/institutional  requirements, 
incl.  business/  staffing/insurance 
inputs;  integrate  process-centrd 
web-enabled  s/ware.  Plan, 
report  &  delegate,  optimize  dsgn 
elements  &  apps  w/in  time/bud¬ 
get.  Req'd:  5  yrs  exp.  s/ware 
mgmt.,  Bach  in  Mgmt  &  Admin 
w/  certifs.  in  Microsoft  Net¬ 
working,  Windows  NT.  Resume 
ONLY:  #NPC,  Velos,  Inc.,  2201 
Walnut  Ave.,  #208,  Fremont,  CA 
94538.  An  EOE  employer. 


Want  a  new 
IT  career? 


Check  out  our  jobs 
in  the  combined 


CareerJournal.com 

database. 


www.itcareers.com 


IT  Careers 
Wants  You! 

Take  the  hassle  out  of 

job  searching  and 

check  us  out  at 

www.itcareers.com. 

Today,  more  than  ever, 
the  right  skills  fuel  the 

new  economy  and  IT 

Careers  wants  you  to  be 

there.  Check  us  out  at: 

www.itcareers.com 
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Systems  Analysts  to  provide  in 
depth  analysis,  design,  devel¬ 
opment  and  testing  services  for 
database  development  projects; 
perform  project  scoping,  project 
planning,  project  time  and  cost 
schedules,  quality  of  deliver¬ 
ables  and  study  and  evaluate 
new  technologies  and  method¬ 
ologies;  provide  business  guid¬ 
ance  for  complex  user  prob¬ 
lems;  guide  teams  by  providing 
methodologies  to  be  followed; 
interact  with  clients  on  project 
related  issues.  Require  Masters 
degree  or  foreign  equivalent  in 
Computer  Science  or  Business 
Administration.  High  salary,  f/t 
position.  Travel  involved.  Res¬ 
umes  to  HR,  Smartsoft  Interna¬ 
tional,  Inc.,  4898,  South  Old 
Peachtree  Rd,  Norcross,  GA 
30071. 


Windows  System  Cons¬ 
ultant  wanted  by  reseller  of 
accounting/fin.  bus.  appl. 
S/W.  Requires  B.S.  or 
equiv.  in  Comp.  Sci.  plus  2 
years  exp.  including 
Windows  NT.  Reply  to  H.R., 
Fantasia  Technology  Part¬ 
ners,  LLC,  25  Lincoln  St., 
Framingham,  MA  01702. 


Systems  Architect  for  IT  systems 
and  customized  applications 
provider  in  Roswell,  GA. 
Minimum  four  years  experience 
designing  systems  architecture 
and  databases  using  JCL,  ASP 
and  SQL,  including  conducting 
business  and  systems  integra¬ 
tion  analysis,  designing  applica¬ 
tions  in  client/server,  n-tier, 
intranet,  extranet  and  web  envi¬ 
ronments,  integrating  main¬ 
frame,  legacy  and  windows  sys¬ 
tems  and  providing  testing  and 
training  support.  Send  resume 
to  Netwise,  Inc.,  Attn:  Human 
Resources,  130  Winterberry 
Court,  Roswell,  GA  30076. 


Jr.  Software  Programmer. 
Assist  in  writing  &  testing 
comp,  programs  using  C, 
C++,  Javascript,  Visual  Basic 
(incl.  VBScript  &  VBA),  trans- 
act-SQL,  SQL  server  2000 
DBA,  Perl,  ASP,  HTML,  Java¬ 
Script,  XML  &  Crystal  Reports 
in  NT/Windows  2000  in  a 
multi-tiered  envir.  Req:  BS  in 
Info.  Tech,  or  Comp.  Sci. 
40hrs/wk.  Job/Interview  Site: 
Woodland  Hills, CA.  Send 
resume  to  Finity  USA,  Inc. 
@22123  Martinez  Street, 
Woodland  Hills,  CA  91364, 


Sr  Test  Engineer  needed  in 
Fayetteville,  GA  to  plan  support 
software  verification  &  UNIX  8 
mainframe  testing  of  complex 
revenue  accounting  project. 
Support  test  cases,  test  scenar¬ 
ios  &  reqs  verification  &  trace- 
ability  matrices.  Establish  test 
beds,  test  scripts,  &  test  docu¬ 
mentation,  to  include  test  strate¬ 
gies.  application  cross-refer¬ 
ences,  test  case  design,  test 
case  execution,  test  reporting  & 
test  evaluation.  Tools:  UNIX, 
MVS,  DOS,  Windows  NT,  JCL, 
4GL,  TSL,  ISPF,  TSO,  JES2, 
SDSF,  RACF,  ACF2.  REQS:  3 
yrs  exp.  in  job  offered.  Please 
forward  resume  to  D.  Gelinas, 
Genisys  Engineering  Corp.,  100 
Havenbrook  Ct,  Fayetteville,  GA 
30214.  No  calls  of  faxes  please. 
EOE. 


Software  Consultants  needed  at 
client  sites  to  dvlp  applic  using 
MVC  (Model  2)  architecture 
dsgn  &  dvlp  authentication 
systm  in  Weblogic.  Tools  used: 
J2EE-Java,  Servlet,  JSP,  JSTL, 
EJB,  JMS,  RMI,  JSF,  JESS 
engine,  Velocity,  STRUTS, 
Taglibs,  ANT,  JBuilder,  Web- 
Logic,  WebSphere,  Iplanet,  IBM 
MQ  Series,  C/C++,  Oracle, 
Lotus  Notes,  Domino  Server, 
Telnet  API,  MochaSoft,  Unix, 
ASP,  IIS.  VB.  Apply  to:  Global 
Consultants,  Attn:  Hireme,  25 
Airport  Rd,  Morristown,  NJ 
07960. 


Matrix  Management  Systems, 
Inc.  is  looking  for: 

Programmer  Analyst:  Should 
have  a  bachelors  degree  in 
computer  science/related  field 
with  3+  years  of  experience  in 
the  following:  .Net  Architect, 
VB.NET,  ASP.NET,  C#  Architect, 
VB6.0.  ASP,  XML,  XSL,  SQL 
SERVER  7.0/2000,  Oracle,  Cold 
Fusion,  Clear  Quest,  VC++, 
DB2,  CICS,  COBOL.  Rational 
Rose,  WinRunner  and  Load- 
Runner.  We  accept  foreign  edu¬ 
cation  equivalent  of  the  degree, 
or  the  degree  equivalent  in  edu¬ 
cation  and  experience.  Send 
Resume  to  Attn:  HR,  932D, 
Atlantic  Ave,  Hoffman  Estates, 
IL  60194. 


Synergy  has  multiple  openings 
for  IT  professionals.  Qualified 
applicants  must  have  BS  with 
substantial  experience.  Strong 
background  in  SAP,  SQL,  ERP, 
VB,  TCP/IP  Suite,  Oracle  is  plus. 
Send  resumes  to  hr@synergy- 
com.com.  Travel  is  required  for 
some  positions.  Sponsor  GC. 
EOE. 

CMS  (Customer  Management 
Systems)  has  openings  for  expe¬ 
rienced  IT  professionals  to  pro¬ 
vide  full  life  cycle  IT  &  business 
solutions  to  clients.  Quali¬ 
fications  include  BS  with  experi¬ 
ence  using  SQL,  EJB,  JSP.  UML, 
OOP/OOD,  Lotus,  Java,  VB,  etc. 
Apply  at: 

cms@earthdome.com.  EOE. 

No  Calls. 


Delasoft,  Inc.,  IL  based  IT  com¬ 
pany  seeking  Computer 
Professionals  (multiple  open¬ 
ings),  w/relevant  edu.  &  exp.  to 
analyze,  devl.,  design,  test,  sprt, 
maintain  IT  Projects,  w/following 
skills:  Java  technologies,  Web 
Tech  (Web  Sphere,  Web  Logic, 
XML,  HTML,  DHTML,  UML); 
Unix,  Linux,  Solaris,  Sybase, 
Oracle  databases;  Testing/QA 
tools:  WinRunner,  LoadRunner. 
TestDirector,  Silk  GUI  &  Rational 
Rose  Tools,  SQL  server.  C,  C++, 
CICS,  COBOL,  SQL/PLSQL 
Languages;  ABAP,  SAP.  BAAN, 
Siebel,  TCP/IP,  ERWIN  &  Win. 
envrmnts.  Offering  top  $$+bnfts. 
40%  traveling  to  client  sites  in 
US.  Resumes:  2200  S.  Main 
Street,  Suite  111,  Lombard,  IL 
60148. 


Computer  Professionals  (pro¬ 
grammer,  system  analyst,  soft¬ 
ware  or  project  engineers)  want¬ 
ed  E-Con.  Candidates  must  have 
minimum  BS  or  equivalent 
degree  with  IT  experince.  Use 
Weblogic  6.0  Application  server, 
Java  Servlets,  XML.  Please  send 
resumes  to:  hrd@goecon.net. 
EOE.  No  calls. 

Global  Consulting  is  looking  for 
programmer/system  analysts, 
software  engineers.  Candidate 
must  have  BS  with  IT  experience. 
Good  skills  in  C/C++,  Java, 
Oracle,  EJB,  J2BB,  WebLogic, 
VB,  HTML  are  plus.  Traveling  is 
required  for  some  positions. 
Apply  job@g-c-g.net  EOE.  No 
calls. 


Data  Consulting  Group  is  looking 
for  software  engineers/program¬ 
mers  to  develop  security  infor¬ 
mation  service  system  using  VB, 
Oracle  based  on  client/server. 
Minimu  BS  with  experience  using 
Oracle,  VB,  Crystal  Reports. 
Please  send  resumes  to: 
recruiter@dcgroupinc.com. 
EOE.  No  calls. 

Senior  IT  consultants  (s/w  engi¬ 
neer  or  system  analyst)  wanted 
by  MD  Soft,  Inc.  Duties  include 
implementation  of  Siebel  appli¬ 
cations,  programming.  Must 
have  BS  plus  experience  using 
Siebel,  Oracle,  Powerbuilder. 
Sponsor  Hi/Green  Card.  Please 
apply  at  mdsoftinc@yahoo.com. 
EOE 


Computer  Software  Engin¬ 
eer,  Las  Vegas,  NV.  Dvlp/ 
create/modify  computer 
aplctns  software/spclzd  ut¬ 
ility  prgrms.  Analyze  user 
needs/dvlp  software  solu¬ 
tions.  Design/customize 
software  for  client  use. 
Work  individually  or  crdntg 
database  dvlpmt  as  part  of 
team.  2  yrs  exp.  Send  res: 
Choopa.com,  1  Bethany 
Road,  Bldg  2,  Suite  24, 
Hazlet,  NJ  07730,  D. 
Aninowsky. 


E  Computer  Technologies,  Inc., 
is  a  computer  and  technology 
solutions  provider  of  business- 
to-business  and  E-commerce 
application  implementation  and 
integration  services  specializing 
in  E-purchasing  systems  Our 
company  currently  has  openings 
for  the  following: 

Programmer  Analysts:  Design 
and  develop  financial  based 
applications  using  client  server 
technology,  n-tire  technologies 
with  Oracle  8i,  Oracle  ERP,  SY¬ 
BASE  databases  using  J2EE, 
WEBLOGIC  7,  Netscape  and 
Enterprise  Server,  IBM  MQ  Ser¬ 
ies,  Extensible  Style  Sheet  Lan¬ 
guage  Transformations,  Unified 
Modeling  Language  for  design, 
and  object-oriented  analysis  and 
design.  Design  product  features 
to  meet  requirements  and  per¬ 
form  quality  tests  for  new  and 
existing  features.  Use  knowl¬ 
edge  of  market  and  accounting 
principles  to  develop  software. 
Need  Bachelor’s  degree  in  Com¬ 
puter  Science  or  Engineering. 
Need  2  yrs  of  exp. 

Send  Resume  to:  E  Computer 
Technologies,  Inc,,  777  S. 
Central  Expressway,  Ste  #4-F, 
Richardson,  TX  or  via  e-mail  at: 
jobs@ecomputertech.com. 


Computer  Professionals,  exp'd 
(multiple  openings)  sought  w/rel- 
eyant  Bachelors  or  Masters 
depending  on  position  &  exp  in 
QA,  VB  Script,  Perl,  Erwin,  C, 
C++,  VC++,  I  Planet,  ASP, 
HTML,  DHTML,  Java  Script, 
Sybase,  Oracle,  SQL  Server, 
SQL,  T-SQL,  MS  Access, 
Business  Objects,  Crystal 
Reports,  DB2,  Windows  NT. 
CEML,  Linux,  IIS.  Unix.  PL/SQL, 
Cognos,  Brio,  ODBC 
Connectivity,  Netscape  Enter¬ 
prise  Server.  Application  Server 
of  Cold  Fusion,  Data  Modelling, 
Informatica,  ETL  application,  e- 
business  intelligence.  Data¬ 
warehousing,  SAS,  ERP,  CRM, 
RDBMS  -  Oracle;  GUI  Tools, 
ASP,  J2EE,  JSP.  JDBC  Java 
Script,  EJB,  Web  Sphere, 
WebLogic,  ASR/TTS,  CTI.  40% 
travel  to  client  sites  req'd. 
Resumes  to:  JCG  Technologies, 
Inc.,  477  Congress  St,  5th  FI, 
Portland,  ME  04101. 


Systems  Analyst  -  Analyze  user 
reqmts,  procedures  &  problems 
to  automate  processing  &  to 
improve  existing  computer  sys¬ 
tem.  Confer  w/personnel  invol¬ 
ved  to  analyze  current  opera¬ 
tional  procedures,  ID  problems 
&  learn  specific  input  &  output 
reqmts  such  as  forms  of  data 
input,  how  data  is  to  be  summa¬ 
rized  &  formats  for  reports. 
Upgrade  system  &  correct  errors 
to  maintain  system  after 
implmtn.  Prep  time  &  cost  esti¬ 
mates  for  completing  projects. 
BS  in  Electronics  or  Comp  Engg 
&  2  yrs  exp  reqd.  40hr/wk,  9a- 
5p,  $1 7.63/hr.  Send  resumes  to 
Rene  Gaviola,  OLRA  Educa¬ 
tional  Foundation,  10101  Harwin 
Dr,  #125,  Houston,  TX  77036. 


R  Systems.  Inc.  is  a  global  infor¬ 
mation  technology  services 
company  and  it  has  multiple  Job 
openings  for  the  following  posi¬ 
tions  at  its  corporate  office  in 
Sacramento  as  well  as  Project 
sites  throughout  the 
United  States: 

•  Applications  Programmer 

•  Database  Analyst 

•  Software  Engineers 

•  Systems  Analyst 

•  Network  Analyst 

•  IT  Project  Managers 

•  Business  Analyst 

•  Sales  Engineer 

•  Programmer  Analyst 

•  Sales  Manager 

•  Database  Administrators 

•  Market  Research  Analyst 

Minimum  requirement:  Bach¬ 
elor’s  degree  or  equivalent  and 
one  year  experience  in  the  job 
offered.  All  positions  may  involve 
relocation  to  project  sites. 

Submit  detailed  resume  and 
position  applied  for  to: 

Attn:  Venkatesh  Sundararajan 
5000  Windplay  Drive  Suite  5 
El  Dorado  Hills,  CA  95762 


Computers 

PROCESS  ENGINEER 

R.R.  Donnelley  &  Sons  Co 
(Nashville,  TN),  is  seeking  to 
hire  a  Process  Engineer  II  to 
design,  develop  &  document  in¬ 
tegration  software  used  to  auto¬ 
mate  &  facilitate  direct  interac¬ 
tion  between  existing  legacy 
systems  &  the  general  ledger 
Assess  the  current  systems/pro¬ 
cesses.  recommend  &  imple¬ 
ment  design  solutions  to  bridge 
&  transform  data  to  enable  auto¬ 
mation  to  the  ledger.  Develop  & 
execute  extensive  testing  plans 
&  develop  plans  to  migrate  pro¬ 
duction  ready  applications  to 
corporate  production  servers 
using  version  control  software. 
Maintain,  tune,  execute  network 
admin,  on  the  development  ser¬ 
ver.  Must  have  Bach,  degree  in 
CIS  &  3  yrs  exp.  Must  have  com¬ 
pleted  projects  involving  Visual 
Studio.net,  Microsoft  SQL  Ser¬ 
ver,  JAVA  Script,  Visual  Basic 
Scripts,  Access,  ASP.net,  XML. 
HTML,  and  ETL  modeling,  net¬ 
work  administration  &  version 
control  software.  Please  email 
resume  to:  corporateprocessen- 
gineer@rrd.com  EOE 


Software  Engineers  to  analyze, 
design,  develop  financial  appls 
using  OOD.C++,  VC++,  MFC, 
Visual  Source  Safe,  SQL  Server, 
Rational  Rose,  CrystalReports, 
ADO  under  Windows/UNIX  OS; 
perform  system/functional  req 
analysis;document  detailed  pro¬ 
ject  specs  and  review  conceptu¬ 
al  model  with  users;provide 
training/user  support  for  related 
appl  software;  performdebug- 
ging/modifications  of  existing 
software.  Require:  M.S.  or  for- 
eignequiv.  in  CS/Engg.(any 
branch)  with  1  yr  exp  in  IT.  High 
Salary.  Comp.salary.  f/t  position, 
travel  involved.  Resume  to:  HR, 
Autosig  Systems,  Inc.,  201, Price 
Hills  Trail.  Sugar  Hill,  GA  30518. 
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From  Chaos  to  Control 


SAN  JOSE,  CA 


FREE  EVENT  FOR 
QUALIFIED  PROFESSIONALS 


MODERATOR 

Mark  Gibbs 


LATEST  INTELLIGENCE,  TECHNOLOGY, 
AND  KNOW-HOW  TO  HELP  YOU: 

►  Understand  and  manage  content 
monitoring  and  filtering  systems 

►  Analyze  and  measure  the  real  business 
impacts  of  uninvited  e-mail 

►  Uncover  and  prevent  problems  inherent 
in  all  security  solutions 

►  Control,  protect  and  secure  wireless 
access  and  remote  users 

►  Attain  industry-wide  performance 
standards  and  the  best  practices  that 
achieve  them 

WHO  WILL  BE  THERE? 


Messaging  is  in  crisis.  Ever-escalating  e-mail  assaults  now  threaten  core  competencies  of  even  the 

most  sophisticated  corporations.  Leaving  beleaguered  network  managers  challenged  as  never  before. 

Spam  and  spyware.  Wireless  access  and  remote  users.  Legislation  and  lawsuits.  Today’s  professionals  face  a 
confusing  array  of  undifferentiated  tools  and  technologies  that  can  merely  mask  problems.  Bouncing  legitimate 
messages  as  well  as  unwanted  junk.  Filtering  essential  content  as  well  as  damaging  viruses. 

It’s  time  for  better,  more  aggressive  answers  that  once  again  make  messaging  an  efficient,  effective,  corporate- 
safe  application.  Solutions  that  ensure  network  integrity,  data  security  and  user  productivity.  In  a  structure  built 
to  withstand  today’s  chaotic  messaging  environment  by  returning  power  and  control  to  enterprise  network  managers. 

It’s  time  for  the  new  Network  World  Technology  Tour  event,  Messaging  and  Spam:  From  Chaos  to  Control. 
Must-know  info  presented  by  renowned  industry  expert,  Mark  Gibbs.  Must-see  technology  from  IronPort 
MailFrontier,  MX  Logic,  NetlQ,  SurfControl  and  Sybari  Software.  A  must-attend  event  you  cannot  afford  to  miss. 
While  attendance  is  free,  you  must  reserve  in  advance.  So  register  now  and  gain  control  again. 

Advance  Reservation  by  qualified  professionals  is  Required  for  Complimentary  Attendance 

Register  now  at  www.nwfusion.com/MSS4A2 
or  calll -800-643-4668 


PLATINUM  PRESENTING  SPONSORS: 


GOLD  EXHIBITING  SPONSORS: 


►  Expert  Event  Leaders 

Mark  Gibbs,  "Backspin"  and  "Gearhead" 
Columnist  of  Network  World 

►  Sandra  Gittlen,  Events  Editor  for 
Network  World 

and  leading  security  professionals  including: 


IRONPORT 

SYSTEMS 


MailFrontier 


IT  Directors  and  Managers 
CEOs  ,  CIOs,  CTOs 
7  /stem  architects  and  designers 
Not  rk  managers  and  engineers 


Advanced  Email  Defense 

LOGIC 


Q. 

net® 


SPAM  FIREWALLS 


®c*rockliffe 


ROCK  SOLID  / NTERNET  SOFTWARE" 


SOFTWARE 


A  PLATINUM  EOUITV  COMPANY 

€lsinglefin 

e-mail  protection  services 


■  .V  event  is  limited  to  Network  and  IT  professionals  involved 
*i  the  evaluation,  purchase  and  implementation  of  messaging 
products  and  services.  Network  World  Events  reserves  the  right 
to  determine  total  audience  and  profile  of  complimentary 
attendees.  Paid  registration  is  also  available. 


SurfControl'  Sybari 

To  join  sponsors  of  this  premier  Network  World  Event,  please  contact  Andrea  D'Amato  at  1  -508-490-6520  or  adamato@nww.com  for  free,  no-obligation  information. 
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workers  produce  more  with  new 
applications  that  convergence 
enables.  The  technology  can  save 
money  by  consolidating  access 
lines,  cutting  long-distance  costs 
and  reducing  the  expense  of 
reconfiguring  PBXs  when  some¬ 
one  moves  their  office,  but  not 
always,  he  said. 

Peterson  likened  the  potential 
voice/data  productivity  gains  to 
those  reaped  in  the  1990s  as  busi- 


More  online! 


In  the  rush  to  consolidate  —  servers, 
storage,  apps  —  there's  never  been  a 
more  important  moment  in  the  manage¬ 
ment  of  data  centers.  And  there’s  never 
been  a  Network  World  event  like 
Masterminding  the  New  Data  Center  to 
meet  the  challenge. 
DocFinder:  9934 


nesses  adopted  PCs,  client-server 
technology,  e-mail  and  the  Web. 
They  all  contributed  to  business 
success,  but  it’s  hard  to  say  just 
how  much  each  contributed  in 
terms  of  dollars. 

So  far,  it  seems  these  produc¬ 
tivity  benefits  are  best  reached 
by  targeted  groups  of  employ¬ 
ees  who  have  specific  business 
requirements  converged  mes¬ 
saging  applications  can  meet. 
Prudential  Northwest  Proper¬ 
ties,  a  Portland,  Ore.,  real  estate 
agency  with  about  750  agents, 
is  two  years  into  deploying 
3Com-based  VoIP  and  unified 
messaging. 

“For  us,  the  end  goal  was  mobil¬ 
ity’  says  CIO  Sean  McRae,  who 
attended  the  show.  He  says  his 
firm  saw  some  savings  by  replac¬ 
ing  Centrex  services  and  branch- 
office  key  systems  with  a  central¬ 
ized  IP  PBX,  but  that  wasn’t  the 
main  value. 

The  biggest  payoff  for  the  firm 
has  been  applications  that  let  for 
agents  be  more  accessible  and 
have  better  access  to  messaging 
and  other  data  resources.  “Our 
[agents]  are  frequently  working 
from  home,  in  a  car  or  in  a 
Starbucks,”  where  they  access  the 


Moving  to  IP 

While  the  total  number 
of  business  phone  lines 
will  grow  only  40  million 
between  2003  and  2007,  IP 
will  grow  significantly  as  a 
percentage  of  new  lines 
sold  over  the  same  period. 

Business  phone 
line  shipments  ■TDM 
(in  millions)  ■  IP 
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unified  messaging  system  over  a 
VPN  with  Wi-Fi  enabled  laptops, 
McRae  says.  He  says  IP  gets  at 
least  some  of  the  credit  for  in¬ 
creasing  sales,  with  some  work¬ 
ers  boosting  their  take  up 
to  40%. 

However,  organizations  with 


SIP  catches  on 


Vendors  atVoiceCon  2004  introduced  sup¬ 
port  for  Session  Initiation  Protocol  that 
they  say  will  lead  to  more  efficient  rout¬ 
ing  of  IP  traffic  and  enable  presence-based 
applications. 

3Com  says  a  new  SIP  call  routing  feature, 
called  Boundry  Voice  Routing,  in  itsVCX  enter¬ 
prise  softswitch  will  let  branch-office  IP  PBXs 
query  a  central  SIP  database  to  determine  the 
best  way  to  route  traffic.  This  feature  will  be  a 
software  update  to  the  VCX.The  company  also 
gave  a  sneak  peek  at  an  IP  PBX  called  the  VCX 
5500,  a  rack-mountable  branch-office  system 
that  can  connect  with  the  public  phone  network 
in  case  a  central  VCX  7200  fails.  The  software 
update  to  the  VCX  is  available  and  free  to  exist¬ 
ing  customers. 

At  the  show,  Microsoft  said  the  next  version  of 
the  company’s  Live  Communication  Server, 
code-named  Vienna,  will  let  SIP-based  Windows 
Messenger  clients  make  calls  through  IP-en¬ 
abled  PBXs  that  use  H.323  rather  than  SIP  for 
signaling.  By  encapsulating  H.323  messages  in 
SIP,  Microsoft  said  it  could  let  almost  any  XP- 
based  PC  act  as  a  softphone  client  to  a  PBX, 
while  also  supporting  multimedia  and  instant 
messaging  applications  on  Live  Communication 
Server.  The  new  capabilities  will  work  with  Nort¬ 
el's  Meridian  and  Avaya’s  legacy  Definity  PBXs 
with  VoIP  cards,  said  David  Soklic,  lead  program 
manager  for  Microsoft's  Live  Communication 
Server.  Pricing  and  availability  were  not 
disclosed. 


“If  enterprises  are  looking  for  a  Lingua  Franca 
for  all  devices  and  applications,  we  think  SIP  Is 
the  way  to  do  that,"  Soklic  said  during  a  session 
on  SIP  in  the  enterprise. 

Separately,  Citel  released  an  updated  version 
of  its  Citel  Link  SIP  Handset  Gateway, The  appli¬ 
ance  lets  digital  PBX  handsets  be  used  in  SIP- 
based  IP  Centrex  hosted  telephony  systems  or 
with  SIP-based  IP  PBXs. 

The  new  version  supports  handsets  for  Nortel 
Meridian  1,  NEC  DTERM  PBX  and  Avaya / 
Lucent  Definity  systems.  The  previous  version 
supported  only  Nortel  Norstart  handsets.  The 
Citel  gateway  has  been  certified  to  work  with  IP 
PBXs  from  3Com  and  Mitel  Networks.  It  costs 
$130  per  port. 

Also  at  the  show,  Lucent  introduced  a  pack¬ 
age  of  IP  telephony  gear  for  large  businesses 
that  has  been  scaled  down  from  its  carrier 
grade  offerings. 

Although  Lucent's  Accelerate  Enterprise  Solu¬ 
tions  package  is  based  on  H.323  today,  the  com¬ 
pany  says  it  plans  to  support  SIP. 

The  new  package  includes  Lucent’s  Enhanced 
Business  Services  Server,  a  portal  that  unites 
computer  and  telephony  features  to  support 
services  such  as  click  to  dial,  call  logging,  PC 
access  to  voice  mail  and  presence.  Also  in¬ 
cluded  is  gear  from  Lucent  partner  Broadsoft. 

Pricing  is  per  desktop  and  ranges  from  $200 
for  very  large  installations  to  four  times  that  for 
small  installations. 

—  Phil  Hochmuth  and  Tim  Greene 


larger,  more  diverse  workforces 
say  the  productivity  and  busi¬ 
ness  payoffs  of  IP-based  conver¬ 
gence  applications  are  not  as 
apparent. 

“There  doesn’t  seem  to  be  any 
[convergence]  applications  that 
could  add  a  real  business  value,” 
says  Edward  Jackson,  technical 
specialist  with  Cardinal  Health,  a 
Chicago  maker  of  medical  prod¬ 
ucts  with  more  than  30,000  em¬ 
ployees  nationwide. 

“We  have  such  a  diverse  group 
of  users  on  such  different  plat¬ 
forms,  it’s  hard  to  find  one  single 
application  that  will  instantly 
make  everyone  more  produc¬ 
tive,”  he  says.  “If  we  were  to  buy 
$1  million  worth  of  [IP  telepho¬ 
ny]  products,  it  had  better  pro¬ 
duce  $20  million  in  revenue.  1 
don’t  think  any  [IP  telephony 
vendors]  have  products  that  will 
do  that.” 

Jackson  came  to  VoiceCon  to 
check  out  products  for  a  poten¬ 
tial  migration  of  sites  to  IP  tele¬ 
phony  from  TDM  PBXs  —  a  mix 
of  Avaya,  Nortel  and  Siemens 
gear  at  90  sites.  But  he  says 
installing  IP  PBXs  to  reduce  long¬ 
distance  or  internal  administra¬ 
tive  costs  would  not  produce  sav¬ 
ings  because  most  calls  —  80% 
—  that  originate  inside  the  com¬ 
pany  are  to  people  outside.  “The 
company  doesn’t  call  itself  very 
much,”  he  says. 

The  strongest  immediate  driver 
for  switching  to  IP  telephony  will 
be  the  need  to  upgrade  old  PBXs 
as  their  usefulness  expires,  says 
Brian  Riggs,  an  analyst  with  Cur¬ 
rent  Analysis.  Replacing  them 
with  IP  technology  is  the  logical 
way  to  go.  “The  soft  savings  [a 
customer]  might  see  from  a  uni¬ 
fied  messaging  system  or 
employees  with  softphones  is 


hard  to  quantity"  he  says. 

“There  isn’t  a  compelling  rea¬ 
son  right  now  to  throw  out  a  PBX 
and  install  an  IP  PBX,  unless  it’s  a 
brand-new  facility’ Riggs  says. 

Businesses  also  are  having  trou¬ 
ble  justifying  a  change  from  TDM 
service  providers  to  IP  service 
providers  for  voice.  Traditional 
voice  services  are  so  inexpensive 
that  potential  savings  are  mini¬ 
mal,  says  Steven  Taylor,  principal 
at  consulting  firm  Distributed 
Networking  Associates. 

One  user  at  the  show,Niraj  Patel, 
the  executive  vice  president  and 
CIO  of  GMAC  Commercial  Mort¬ 
gage  of  Phoenix,  says  an  IP  con¬ 
verged  WAN  is  boosting  produc¬ 
tivity  but  he  acknowledged  he 
had  no  way  to  prove  it.  The  net¬ 
work  supports  videoconferenc¬ 
ing  that  he  says  has  led  to  closing 
multi-million-dollar  deals.  Lap¬ 
tops  support  softphones  that  give 
workers  the  same  voice  and  data 
access  they  have  at  their  desks 
at  work. 

There  are  savings,  but  they  are 
not  compelling  enough  on  their 
own  to  warrant  the  transition,  he 
says.  TDM  circuits  with  an  IP  ser¬ 
vice  from  Masergy  Commun¬ 
ications  for  both  voice  and  data 
saves  $60,000  per  year  in  interna¬ 
tional  voice  calls  and  $100,000  in 
videoconferencing  calls. 

The  decision  comes  down  to 
business  needs,  says  John  Kealey 
manager  of  applications  for 
Canada’s  IT  Services  Division, 
which  researches  IT  options  for 
government  agencies.  “If  you 
need  to  offer  new  services  that 
only  IP  supports,  then  you  buy  it,” 
he  says.  ■ 
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Microsoft 

continued  from  page  1 

tangle  of  software  maintenance 
offerings  to  a  single  plan. 

When  Matthews  signed  the  con¬ 
tract,  a  new  version  of  SQL  Server 
code-named  Yukon  was  slated  for 
release  in  2003,  but  the  ship  date 
slipped  into  early  2004  and  then 
to  the  end  of  this  year,  which  is 
beyond  the  expiration  date  of  his 
contract. 

“We  were  specifically  planning 
to  upgrade  to  Yukon,  which  we 
had  been  expecting  for  ages,” 
Matthews  says.  “It  leaves  a  bad 
taste  in  your  mouth.  As  the  CTO,  it 


puts  me  in  a  bad  position  to  go 
into  the  CFO  and  tell  him  we  got 
nothing  for  this  and  this  and  this.” 

With  his  contract  expiring  in 
June,  Matthews  says  he  also  got 
nothing  for  the  tens  of  thousands 
of  dollars  he  spent  on  Windows 
XP  but  added  he  saw  value  in 
Software  Assurance  contracts  on 
Windows  and  Office  with  the 
shipment  of  Windows  Server  2003 
and  Office  2003. 

Microsoft  and  every  other  major 
vendor  do  not  guarantee  soft¬ 
ware  upgrades  as  part  of  their 
maintenance  contracts.  But  users 
view  upgrades  as  the  meat  of 
their  contracts. 


MIM0 

continued  from  page  12 

cover  an  entire  office  or  home,  for  example.  The  Airgo  chipset  will 
support  both  the  802. 1 1  b/g  2.4-GHz  band  and  the  802.11a  5-GHz 
band,  the  vice  president  says. The  chipset  will  deliver  full  MIMO  ben¬ 
efits  with  MIMO  clients.  With  existing  802.11  b/g  and  802.11a  clients, 
the  chipset  will  work  like  a  conventional  WLAN  radio,  but  with  some¬ 
what  longer  range. 

MIMO  is  just  one  form  of  smart  antenna.  Motia  has  designed  its 
Javelin  2.4-GHz  chipset,  coupled  with  a  four-antenna  adaptive  array, 
as  an  add-on  for  existing  802.1 1  radio  transceivers. The  chipset  com¬ 
bines  signals  to  shape  an  optimal  radio  beam, and  like  MIMO  uses  the 
multipath  method,  says  Robert  Warner,  vice  president  of  sales  and 
marketing.  Motia  plans  to  have  chip  samples  available  shortly,  with 
volume  production  by  June. 

Wireless  switch  vendor  Vivato  Networks  uses  another  smart  anten¬ 
na  technique,  called  phased  array  This  approach  packs  a  lot  of  indi¬ 
vidual  antennas, each  with  a  slightly  different  directional  pattern,  into 
a  single  panel.  Algorithms  steer  the  radio  beam  to  the  appropriate 
antenna  elements  for  a  given  WLAN  client.The  result  is  a  big  increase 
in  range,  though  this  technique  has  been  most  successful  in  outdoor 
applications. 

MIMO  is  unique  because  it  multiplies  bandwidth  by  essentially 
providing  multiple  channels  between  devices, says  Ben  Manny, direc¬ 
tor  of  the  radio  communications  laboratory  in  Intel’s  corporate  tech¬ 
nology  group. “MIMO  is  the  one  antenna  [approach]  that  gives  you 
higher  point-to-point  data  rates,”  he  says. 

Intel  is  running  a  range  of  MIMO  projects,  with  an  eye  toward  mov¬ 
ing  more  wireless  radio  functions  into  complementary  metal-oxide 
semiconductor  (CMOS)  silicon. 

Two  other  WLAN  chip  makers,  Atheros  Communications  and 
Broadcom,  are  researching  MIMO,  but  both  declined  to  specify  the 
resources  they’re  devoting  to  it  or  when  they  will  have  chips  avail¬ 
able.  Executives  at  both  companies  say  MIMO  is  relatively  expensive 
to  create  in  silicon  and  that  buyers  will  resist  paying  even  a  small  pre¬ 
mium  for  more  WLAN  through¬ 
put  or  range.They  add  that  buyers 
will  resist  products  that  fall  out¬ 
side  the  IEEE  standard. 

Atheros  uses  a  technique 
called  channel-bonding  to  dou¬ 
ble  data  rates  for  its  802.1  lg  and 
802. 1 1  a/g  chipsets.  This  tech¬ 
nique  combines  54M  bit/sec 
channels  to  create  one  108M  bit/ 
sec  channel. 

Airgo’s  Raleigh  says  channel 
bonding  comes  with  its  own  high 
price:  It  uses  up  scarce  radio 
spectrum.  A  better  approach,  he 
says,  is  to  increase  the  data 
through  a  given  channel,  which 
MIMO  does.B 
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Going,  going,  gone 

Microsoft  will  see  more  than 
200,000  user  contracts  expire 
for  its  Upgrade  Advantage 
software  maintenance  by  July. 
Over  the  past  two  years,  those 
contracts  have  contributed 
significantly  to  the  company’s 
top  and  bottom  lines,  and  now 
Microsoft  faces  the  task  of 
re-signing  those  users  to  new 
Software  Assurance 
contracts. 


SI. 8 
$1.6 
SI  .4 
$1.2 
$1.0 
$0.8 
$0.6 
$0.4 
$0.2 
$0.0 


Upgrade  Advantage 
revenue  (in  billions) 


$4.8 

v jW-- 

...  '  '  '  ’""L 

■,v*y  ■  ■  y 

$1.1 

$0 

2003  2004  2005 


Matthews  says  Software  Assur¬ 
ance  was  marketed  from  the  start 
as  the  way  to  guarantee  rights  to 
new  software.  Howls  of  customer 
protest  greeted  the  2001  introduc¬ 
tion  of  Software  Assurance  and 
Microsoft’s  new  Licensing  6.0  pro¬ 
gram.  In  addition  to  fears  of  high¬ 
er  licensing  costs,  critics  said  one 
of  Software  Assurance’s  pitfalls 
could  be  Microsoft  failing  to 
deliver  new  software  during  a 
contract. 

“We  didn’t  buy  [Software  As¬ 
surance]  just  for  that  reason,” says 
Jason  Givens,  senior  systems  ana¬ 
lyst  for  Southwestern  Energy  in 
Houston.“We  don’t  upgrade  on  a 
fast  cycle,  and  by  the  time  our 
[Software  Assurance]  expired  we 
would  have  been  in  the  same 
boat  [as  Digitech] .”  He  says 
phone,  Web  and  other  support 
services  subsequently  added  to 
Software  Assurance  are  of  no 
value  to  him. 

Microsoft,  however,  says  those 
offerings  are  significant  to  Soft¬ 
ware  Assurance,  which  has  been 
revamped  over  the  past  two  years 
to  offset  customer  complaints 
about  its  value  and  cost. 

Microsoft’s  software  mainte¬ 
nance  costs  are  the  highest  in 
the  industry,  at  29%  of  the  full 
retail  price  for  desktop  software 
and  25%  for  server  software.  A 
$368  Office  license  would  carry 
nearly  a  $107  fee  for  Software 
Assurance. 

The  industry  average  is  21%, 
according  to  Forrester  Research. 

“We  learned  a  lot  since 
launch,  and  we  are  trying  to  take 
that  feedback  and  act  on  it,” says 
Sunny  Charlebois,  product  man¬ 
ager  in  Microsoft’s  worldwide 
licensing  and  product  group. 
She  disputes  that  Digitech 
received  nothing  for  its  $30,000, 
saying  Microsoft  shipped 
Notification  and  Reporting  ser¬ 
vices  for  SQL  Server  as  well  as 
SQL  Server  CE,  which  were  avail¬ 
able  to  Software  Assurance  cus¬ 
tomers.  But  Digitech  does  not 
use  that  technology 

In  September,  Microsoft  added 
training,  support  and  software 
tools,  and  home-use  rights  for 
Office  to  the  Software  Assurance 
menu,  but  did  not  cut  the  price, 
noting  that  Software  Assurance 
was  now  more  “than  just  upgrade 
protection.” 

“The  majority  of  the  reason  they 
added  all  this  stuff  is  they  antici¬ 
pated  upcoming  renewals,  and 
customers  questioning  the  value 
of  [Software  Assurance]  and  why 
they  didn’t  get  upgrades  in  their 
previous  contracts,”  says  Julie 
Giera,  vice  president  of  IT  man¬ 
agement  and  services  at  Forrester. 


“Microsoft  has  boatloads  of  re¬ 
newals  coming  up.” 

Microsoft  CFO  John  Connors 
told  financial  analysts  in 
January  that  more  than  200,000 
Upgrade  Advantage  software 
maintenance  contracts  will 
expire  by  July.  Upgrade 
Advantage  is  one  of  the  pro¬ 
grams  Software  Assurance  re¬ 
placed  two  years  ago.  At  the 
time,  many  users  rushed  to  sign 
new  Upgrade  Advantage  deals 
to  avoid  Software  Assurance, 
with  those  contracts  providing 
Microsoft  with  $1.8  billion  in  fis¬ 
cal  2003  and  $1.1  billion  in  fiscal 
2004  (which  ends  June  30). 

“Basically  we’ve  got  a  $1.1  bil¬ 
lion  hole  we  have  to  fill  going  into 
[fiscal  year]  ’05  from  Upgrade  Ad¬ 
vantage,”  Connors  told  the  finan¬ 
cial  analysts.  “We  definitely  do 
have  a  tougher  hurdle  going  into 
[fiscal  year]  ’05  than  we  had 
going  into  [fiscal  year]  ’04,  and 
we’ve  got  to  figure  out  how  do  we 
make  progress  against  that  hill 
when  we  know  it  sits  there.” 

One  problem  is  that  Upgrade 
Advantage  customers  under  Mi¬ 
crosoft’s  Open  and  Select  licens¬ 
ing  contracts  tend  to  be  smaller 
companies  that  buy  software  on  a 
license-only  basis,  which  means 
they  buy  licenses  when  they 
need  them.  Software  Assurance  is 
an  annuity  program,  in  which 
users  pay  a  recurring  fee  for 
upgrade  rights.  Microsoft  will 
have  to  try  to  change  the  mindset 
of  those  users.  Typically  75%  of 
users  re-sign  for  Microsoft’s  other 
licensing  program,  Enterprise 
Agreement,  which  is  for  larger 
companies  and  includes  Soft¬ 
ware  Assurance. 

Connors  said  Microsoft  would 
be  disappointed  it  if  moved  only 
10%  of  those  Upgrade  Advantage 
customers  onto  Software  Assur¬ 
ance  and  surprised  if  it  topped 
30%.  “If  we  didn’t  get  10%  . . .  it’s 
probably  an  indication  that  the 
market  isn’t  valuing  our  Software 


Assurance  offering,” he  said. 

To  combat  that  notion,  Micro¬ 
soft  recently  said  it  was  working 
on  something  called  XP  Re¬ 
loaded,  which  appears  to  be  an 
interim  release  of  the  desktop 
operating  system  before  the  big 
upgrade  to  Longhorn  now  slated 
for  2006.  It  also  lets  Microsoft  put 
some  software  in  the  pipeline  for 
Software  Assurance  customers.  A 
similar  upgrade  is  rumored  for  Of¬ 
fice, which  won’t  be  revised  again 
until  the  Longhorn  time  frame. 
Those  two  products  are  Micro¬ 
soft’s  historic  cash  cows. 

“This  is  a  thorny  issue  for 
Microsoft,”  says  Laura  DiDio,  an 
analyst  with  The  Yankee  Group. 

Case  in  point:  Exchange  users 
became  upset  when  Microsoft 
recently  released  its  Intelligent 
Message  Filter  but  made  it  avail¬ 
able  only  to  Software  Assurance 
customers. 

DiDio  says  the  software  mainte¬ 
nance  issue  is  not  good  for 
Microsoft  in  these  days  of  tight  IT 
spending  and  pressure  from 
open  source  software.  “[T]he 
chief  reason  to  buy  into  the  [Soft¬ 
ware  Assurance]  program  is  to 
get  upgrades,  the  rest  is  icing,”  she 
says. 

DiDio  and  Forrester’s  Giera  say 
now  is  the  time  to  sharpen  nego¬ 
tiating  skills. 

“We  don’t  say  wholesale  that 
customers  should  renew  their 
contracts,  that  would  be  craz)f 
says  Giera.  who  has  developed  an 
ROI  calculator  on  Software  Assur¬ 
ance  for  her  clients.  “Ix>ok  at  the 
[Software  Assurance]  features  — 
how  often  do  you  call  support, 
how  much  do  you  spend  on  train¬ 
ing.  Prepare  a  top  10  list  of  your 
needs.” 

She  says  Microsoft  is  giving 
concessions.“Customers  can  use 
this  situation  to  their  advantage,” 
she  says  ■ 
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Nightmare  or 

When  does  a  product  or  ser¬ 
vice  become  so  important  to 
our  culture  that  it  becomes 
what  you  could  call  “cultural  infra¬ 
structure”?  By  that  I  mean  some¬ 
thing  that,  if  you  removed  it  from 
our  lives,  would  have  serious  finan¬ 
cial  and/or  social  consequences 
that  would  compromise  the  well-being  of  a  signifi¬ 
cant  number  of  people. 

What  is  on  my  mind  is  the  role  of  Windows  in  our 
culture.  A  couple  of  weeks  ago  at  the  RSA  Confer¬ 
ence,  Microsoft  revealed  it  is  taking  a  new  approach 
to  computer  security  called  “behavior  blocking.” 

This  actually  isn’t  a  new  idea  —  Cisco  and  Net¬ 
work  Associates  use  this  concept  today  —  but  in  Bill 
Gates’  conference  keynote  address  (something  Gates 
usually  turns  into  a  marketing  pitch)  he  said, “you 
can  really  think  of  this  as  taking  the  notion  of  secure 
by  default  to  the  next  level.” 

Unfortunately  Gates  offered  no  details  of  the  tech¬ 
nologies  to  be  used  or  when  they  might  appear.  But 
the  message  is  clear:  Microsoft  wants  us  to  think  that 
something  is  being  done  and  that  the  company’s 
Trustworthy  Computing  initiative  hasn’t  stalled  out. 

But  we  can’t  wait  for  protection  from  all  the  threats 
that  face  us  and  we  can’t  trust  in  hand-waving  as  a 
guarantee  that  we  will  have  security  in  the  future. 


regulation,  your  choice 


Just  consider  what  would  happen  if  a  virus 
appeared  tomorrow  that  capitalized  on  some 
obscure,  hidden  code  in  the  Windows  kernel  that 
let  it  infect  any  machine  it  could  connect  to.  Let’s 
say  that  it  could  do  so  silently 

Now  let’s  further  suppose  that  at  a  set  time  the 
virus  trashes  every  infected  machine’s  registry  or 
maybe  deletes  the  host  PC’s  file  allocation  table. 

“Couldn’t  happen!”you  say?  How  do  you  know  it 
hasn’t  already  happened  and  that  the  trigger  data 
just  hasn’t  been  reached  yet?  What  if  that  date  is 
tomorrow?  Or  in  10  minutes? 

Whatever  this  threat  exactly  is  or  whenever  it  might 
do  it,  we  would  have  a  catastrophe  in  the  making. 
The  scale  of  the  problems  this  could  cause  would 
be  staggering  —  booking  systems  down,  point-of-sale 
systems  dead,  back-end  systems  offline  —  it  would 
be  a  disaster  of  biblical  proportions. 

In  the  1800s  when  the  railroads  were  being  devel¬ 
oped,  it  wasn’t  obvious  at  first  that  they  would  be¬ 
come  cultural  infrastructure.The  same  applied  to 
the  telephone  system  and  the  gas  and  oil  industries, 
the  power  supply  industry  and  on  and  on. 

But  at  some  point  we  noticed  that  it  was  necessary 
for  us  to  elevate  these  products  and  services  to  the 
status  of  cultural  infrastructure  and  regulate  them. 
We  didn’t  take  the  businesses  away  from  the  owners 
of  the  railroads  and  the  telephone  systems  as  was 


done  in  Europe,  but  rather  we  created  a  regulatory 
structure  that  was  supposed  to  ensure  the  integrity 
of  the  services  for  the  benefit  of  the  people. 

Of  course,  politics  and  vested  interests  have  made 
what  was  originally  a  philosophically  and  ethically 
sound  idea  look  more  like  a  fight  for  bargains  at  a 
post-Thanksgiving  red-tag  sale,  but  that  is,  unfortu¬ 
nately  the  nature  of  politics. 

Be  that  as  it  may  without  such  regulation,  our 
society  would  be  very  different  and  less  cohesive 
than  it  is  today. This  is  because  there  is  a  very  real 
limit  to  how  much  we  can  trust  our  fellow  man  to 
do  the  right  thing. 

Therein  lies  the  problem  with  Windows.lt  has  gone 
beyond  being  just  a  product  and  has  evolved 
through  its  success  into  cultural  infrastructure.  And 
now  it  needs  regulation. 

While  I.like  you,  dislike  government  interference 
in  general,  just  think  of  what  things  would  be  like 
without  regulation. Think  telephone  service  is  bad 
now?  Deregulated  telephone  service  probably 
would  be  a  nightmare.  A  nightmare  rather  like  the 
situation  we  could  be  in  unless  Microsoft  gets  secu¬ 
rity  right  or  we  take  charge  and  make  the  software 
company  get  it  right. 

Howls  of  protest  or  wild  cheering  to  backspin@ 
gibbs.com. 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 

Instant  message 

Most  any  conversation  about  instant 
messaging  inevitably  turns  to  the  lack 
of  product  interoperability  that  continues  to  exert  a  drag  on  enterprise  adop¬ 
tion  and  bedevil  those  who  see  no  choice  but  to  dive  in  anyway.  Such  was  the 
case  at  last  week’s  Instant  Messaging  Planet  conference  in  Boston,  where  ven¬ 
dor  speakers  tripped  over  one  another  —  and  their  tongues  —  in  an  attempt  to 
assure  attendees  that  IM’s  time  is  now  even  though  interoperability  still  can’t 
find  the  party. 

The  message  wasn't  always  well  received,  despite  the  fact  that  these  vendors 
were  preaching  to  a  choir  of  IM  enthusiasts. 

“We’re  all  working  very,  very  hard  to  solve  this  problem,”  Jon  Sakoda,  vice 
president  of  products  at  IMIogic,  said  at  the  end  of  one  conference  session. 

Rather  than  applaud,  the  audience  erupted  in  laughter.  Not  the  reaction  one 
would  expect,  although  Sakoda  might  have  earlier  laid  the  groundwork  for  his 
being  dissed  when  he  rattled  off  the  familiar  litany  of  problems  plaguing  cor¬ 
porate  IM  adoption  and  labeled  them  all  "myths." 

Another  panelist,  Kieran  McCorry,  a  principal  consultant  at  HP,  helped  crys¬ 
tallize  the  scope  of  the  IM  challenge  when  he  told  of  an  internal  survey  that 
showed  tens  of  thousands  of  HP  employees  using  each  of  four  different  IM 
packages:  MSN,  AOL,  Yahoo  and  Jabber.  Any  attempt  to  standardize  on  a  sin¬ 
gle  enterprise  IM  product  for  the  company’s  160,000  employees  would  be  met 
with  fierce  opposition  from  all  these  factions,  whose  members  argue  convinc¬ 
ingly  that  the  consumer-oriented  clients  —  however  flawed  and  limited  —  have 
become  indispensable  business  tools. 

"I'm  sure  if  we  turned  them  off  it  would  create  a  lot  of  headaches  for  a  lot  of 
people,”  McCorry  said. 

A  number  of  conference  attendees  painted  similar  scenarios  in  their  ques¬ 


tions  posed  to  panelists,  whose  answers  were  variations  on  the  theme  that 
there's  plenty  of  value  to  be  gleaned  from  IM  today  and  plenty  of  third-party 
vendors  willing  to  take  your  money  to  show  you  how.Those  who  might  be 
tempted  to  wait  for  all  the  interoperability  and  standards  issues  to  sort  them¬ 
selves  out  couldn't  have  taken  much  comfort  from  the  general  tone  of  resigna¬ 
tion  about  that  wait  being  of  indeterminate  length. 

Perhaps  indicative  of  how  much  work  remains  was  the  enthusiastic  response 
from  attendees  to  Reuters  Messaging,  a  fee-based  service  that  will  let 
Reuters  customers  securely  interact  via  yet  another  proprietary  IM  client  with 
users  of  AOL  and  MSN,  a  trick  that  has  heretofore  been  rendered  impossible 
by  Microsoft's  unwillingness  to  play  nicely.  But  the  Reuters  service,  which  isn't 
expected  to  launch  until  this  summer,  will  be  available  only  to  the  financial  ser¬ 
vices  industry  and  initially  won't  include  access  to  users  of  Yahoo  or  enterprise 
IM  systems  such  as  Lotus  Sametime. 

In  other  words,  it’s  not  going  to  be  the  interoperability  answer  for  most  who 
went  to  this  conference  hoping  to  find  one. 

So  when  might  the  industry  —  particularly  the  keepers  of  the  major  public  IM 
networks  —  put  aside  their  differences  and  help  make  IM  as  easy  as  e-mail? 

“It's  a  matter  of  will.  It's  not  complicated,”  said  Microsoft's  Paul  Haverstock 
during  his  keynote  speech.  An  architect  for  his  company’s  RealTime  Messag¬ 
ing  and  Platform  Group,  Haverstock  added  that  under  the  current  state  of 
stalemate,  “the  only  ones  who  are  suffering  are  the  businesses”  that  use  IM. 

It’s  difficult  to  imagine  how  that  answer  was  helpful  to  anyone. 

Another  panelist  at  least  scored  points  for  candor: 

“If  I  was  to  leave  you  with  one  bit  of  advice  it  would  be:  Plan  on  a  heterogeneous 
IM  environment,”  said  Ennio  Carboni,  IMIogic's  director  of  product  marketing. 

This  time  no  one  laughed.  ...  I  can't  be  certain  there  weren’t  any  tears. 

Confession:  This  columnist  doesn 't  do  instant  messaging.  The  e-mail  address  is 
buzz@nww.com. 


With  HP  ProCurve  Networking  solutions,  you  can  get  the  gigabit  technology  you  need  without  having  to 

Sacrifice  your  entire  budget  to  get  it.  The  HP  ProCurve  Switch  2800  series  is  engineered  to  deliver  high-performance  gigabit 
technology  at  a  compelling  cost.  Our  switches  include  HP  support,  software  updates  and  our  industry-leading  lifetime  warranty.  With  intelligence 
pushed  to  the  edge  of  the  network,  you  get  the  control  you  need.  All  of  which  translates  into  a  better  return  on  your  IT  investment. 


HP  PROCURVE  SWITCH  2848 

$4,899 

44  10/100/1000  ports 

4  dual  personality  ports  for  10/100/1000 
or  mini-GBIC  connectivity 

802.1  x,  SSH,  SSL  and  port  security 

Lifetime  warranty  with  next-business-day 
advance  replacement*  * 


® 


invent 


To  learn  more  about  HP  ProCurve's  Jump  2  Gig  Trade-In,  go  to  www.hp.com/go/jump2gig 
or  call  1-800-975-7683  and  mention  code  5000. 


‘List  price.  "For  as  long  as  you  own  the  product  (available  in  most  countries).  ©2004  Hewlett-Packard  Development  Company,  L.P. 
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|ieiaUetl  picture^  of  Mars.  NASA  trusts  Sun  to  take  . 
(tienrto  Mars.  Wrere  can  Sun  take  you?  Find  out  at 
suh.fcom/mars  or  visit  Mars  at  mars.telascience.org 
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The  Network  is  the  Computer 
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